feat: add channel support

feat: add person search dropdown

.github/workflows/deploy-staging.yml

@@ -0,0 +1,23 @@
+name: Staging CI & CD
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    environment: Deploy
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Deploy to Server
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: root
+          key: ${{ secrets.SSH_KEY }}
+          script: bash /opt/openisle/deploy-staging.sh
+

.github/workflows/deploy.yml

@@ -1,9 +1,9 @@
 name: CI & CD
 
 on:
-  push:
-    branches: [main]
   workflow_dispatch:
+  schedule:
+    - cron: "0 19 * * *"   # 每天 UTC 19:00，相当于北京时间凌晨3点
 
 jobs:
   build-and-deploy:
@@ -13,22 +13,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      # - uses: actions/setup-java@v4
-      #   with:
-      #     java-version: '17'
-      #     distribution: 'temurin'
-
-      # - run: mvn -B clean package -DskipTests
-
-      # - uses: actions/setup-node@v4
-      #   with:
-      #     node-version: '20'
-
-      # - run: |
-      #     cd open-isle-cli
-      #     npm ci
-      #     npm run build
-
       - name: Deploy to Server
         uses: appleboy/ssh-action@v1.0.3
         with:

.husky/pre-commit

@@ -1,4 +1 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
 npx lint-staged

CONTRIBUTING.md

@@ -0,0 +1,116 @@
+#### **⚠️注意：仅想修改前端的朋友可不用部署后端服务**
+
+## 如何部署
+
+> Step1 先克隆仓库
+
+```shell
+git clone https://github.com/nagisa77/OpenIsle.git
+cd OpenIsle
+```
+
+> Step2 后端部署
+
+```shell
+cd backend
+```
+
+以IDEA编辑器为例，IDEA打开backend文件夹。
+
+- 设置VM Option，最好运行在其他端口，非8080，这里设置8081
+
+```shell
+-Dserver.port=8081
+```
+
+![CleanShot 2025-08-04 at 11 .35.49.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/4cf210cfc6ea478a80dfc744c85ccdc4.png)
+
+- 设置jdk版本为java 17
+
+![CleanShot 2025-08-04 at 11 .38.03@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/392eeec753ae436ca12a78f750dfea2d.png)
+
+- 本机配置MySQL服务（网上很多教程，忽略）
+- 设置环境变量.env 文件 或.properties 文件（二选一）
+
+1. 环境变量文件生成
+
+```shell
+cp open-isle.env.example open-isle.env
+```
+
+修改环境变量，留下需要的，比如你要开发Google登录业务，就需要谷歌相关的变量，数据库是一定要的
+
+![CleanShot 2025-08-04 at 11 .41.36@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/896c8363b6e64ea19d18c12ec4dae2b4.png)
+
+应用环境文件， 选择刚刚的`open-isle.env`
+
+![CleanShot 2025-08-04 at 11 .44.41.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/f588e37838014a6684c141605639b9fa.png)
+
+2. 直接修改 .properities 文件
+
+位置src/main/application.properties, 数据库需要修改标红处，其他按需修改
+
+![CleanShot 2025-08-04 at 11 .47.11@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/28c3104448a245419e0b06aee861abb4.png)
+
+处理完环境问题直接跑起来就能通了
+
+![CleanShot 2025-08-04 at 11 .49.01@2x.png](https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/2c945eae44b1477db09e80fc96b5e02d.png)
+
+> Step3 前端部署
+
+前端可以依赖本机部署的后端，也可以直接调用线上的后端接口
+
+```shell
+cd ../frontend_nuxt/
+```
+
+copy环境.env文件
+
+```shell
+cp .env.staging.example .env
+```
+
+1. 依赖本机部署的后端：打开本文件夹，修改.env 修改为瞄准本机后端端口
+
+```yaml
+; 本地部署后端
+NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
+; 预发环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
+; 生产环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
+```
+
+2. 依赖预发环境后台环境
+
+**(⚠️强烈推荐只部署前端的朋友使用该环境)**
+
+```yaml
+; 本地部署后端
+; NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
+; 预发环境后端
+NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
+; 生产环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
+```
+
+4. 依赖线上后台环境
+
+```yaml
+; 本地部署后端
+; NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
+; 预发环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
+; 生产环境后端
+NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
+```
+
+```shell
+# 安装依赖
+npm install --verbose
+
+# 运行前端服务
+npm run dev
+```
+
+如此一来，浏览器访问 http://127.0.0.1:3000 即可访问前端页面

README.md

@@ -1,28 +1,18 @@
 <p align="center">
   <img alt="OpenIsle" src="https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/image.png" width="200">
-  <br><br>
-  高效的开源社区前后端端平台
-  <br><br>
-  <a href="LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square"></a>
+  <br>
+  高效的开源社区前后端平台
+  <br><br><br>
+  <img alt="Image" src="https://openisle-1307107697.cos.accelerate.myqcloud.com/dynamic_assert/22752cfac5a04a9c90c41995b9f55fed.png" width="1200">
 </p>
 
 ## 💡 简介
 
 OpenIsle 是一个使用 Spring Boot 和 Vue 3 构建的全栈开源社区平台，提供用户注册、登录、贴文发布、评论交互等完整功能，可用于项目社区或直接打造自主社区站点。
 
-## 🚀 部署
+## 🚧 开发 & 部署
 
-### 后端
-
-1. 确保安装 JDK 17 及 Maven
-2. 信息配置修改 `src/main/resources/application.properties`，或通过环境变量设置数据库等参数
-3. 执行 `mvn clean package` 生成包，之后使用 `java -jar target/openisle-0.0.1-SNAPSHOT.jar`启动，或在开发时直接使用 `mvn spring-boot:run`
-
-### 前端
-
-1. `cd open-isle-cli`
-2. 执行 `npm install`
-3. `npm run serve`可在本地启动开发服务，产品环境使用 `npm run build`生成 `dist/` 文件，配合线上网站方式部署
+详细见 [Contributing](https://github.com/nagisa77/OpenIsle?tab=contributing-ov-file)
 
 ## ✨ 项目特点
 

backend/open-isle.env.example

@@ -3,6 +3,12 @@ MYSQL_URL=jdbc:mysql://<数据库地址>:<端口>/<数据库名>?useUnicode=yes&
 MYSQL_USER=<数据库用户名>
 MYSQL_PASSWORD=<数据库密码>
 
+# === JWT ===
+JWT_SECRET=<jwt secret>
+JWT_REASON_SECRET=<jwt reason secret>
+JWT_RESET_SECRET=<jwt reset secret>
+JWT_INVITE_SECRET=<jwt invite secret>
+JWT_EXPIRATION=2592000000
 
 # === Resend ===
 RESEND_API_KEY=<你的resend-api-key>
@@ -30,4 +36,4 @@ OPENAI_API_KEY=<你的openai-api-key>
 WEBPUSH_PUBLIC_KEY=<你的webpush-public-key>
 WEBPUSH_PRIVATE_KEY=<你的webpush-private-key>
 
-# LOG_LEVEL=DEBUG
+# LOG_LEVEL=DEBUG

backend/pom.xml

@@ -26,6 +26,10 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-web</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-websocket</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>
@@ -38,6 +42,16 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-security</artifactId>
     </dependency>
+    <dependency>
+      <groupId>com.vladsch.flexmark</groupId>
+      <artifactId>flexmark-all</artifactId>
+      <version>0.64.8</version>
+    </dependency>
+    <dependency>
+      <groupId>org.jsoup</groupId>
+      <artifactId>jsoup</artifactId>
+      <version>1.17.2</version>
+    </dependency>
     <dependency>
       <groupId>com.mysql</groupId>
       <artifactId>mysql-connector-j</artifactId>

backend/src/main/java/com/openisle/config/ActivityInitializer.java

@@ -6,6 +6,8 @@ import com.openisle.repository.ActivityRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.stereotype.Component;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
 
 @Component
 @RequiredArgsConstructor
@@ -22,5 +24,16 @@ public class ActivityInitializer implements CommandLineRunner {
             a.setContent("为了有利于建站推广以及激励发布内容，我们推出了建站送奶茶的活动，前50名达到level 1的用户，可以联系站长获取奶茶/咖啡一杯");
             activityRepository.save(a);
         }
+
+        if (activityRepository.findByType(ActivityType.INVITE_POINTS) == null) {
+            Activity a = new Activity();
+            a.setTitle("🎁邀请码送积分活动");
+            a.setType(ActivityType.INVITE_POINTS);
+            a.setIcon("https://img.icons8.com/color/96/gift.png");
+            a.setContent("使用邀请码注册或邀请好友即可获得积分奖励，快来参与吧！");
+            a.setStartTime(LocalDateTime.now());
+            a.setEndTime(LocalDate.of(LocalDate.now().getYear(), 10, 1).atStartOfDay());
+            activityRepository.save(a);
+        }
     }
 }

backend/src/main/java/com/openisle/config/ChannelInitializer.java

@@ -0,0 +1,32 @@
+package com.openisle.config;
+
+import com.openisle.model.MessageConversation;
+import com.openisle.repository.MessageConversationRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class ChannelInitializer implements CommandLineRunner {
+    private final MessageConversationRepository conversationRepository;
+
+    @Override
+    public void run(String... args) {
+        if (conversationRepository.countByChannelTrue() == 0) {
+            MessageConversation chat = new MessageConversation();
+            chat.setChannel(true);
+            chat.setName("吹水群");
+            chat.setDescription("吹水聊天");
+            chat.setAvatar("/default-avatar.svg");
+            conversationRepository.save(chat);
+
+            MessageConversation tech = new MessageConversation();
+            tech.setChannel(true);
+            tech.setName("技术讨论群");
+            tech.setDescription("讨论技术相关话题");
+            tech.setAvatar("/default-avatar.svg");
+            conversationRepository.save(tech);
+        }
+    }
+}

backend/src/main/java/com/openisle/config/PointGoodInitializer.java

@@ -0,0 +1,31 @@
+package com.openisle.config;
+
+import com.openisle.model.PointGood;
+import com.openisle.repository.PointGoodRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.stereotype.Component;
+
+/** Initialize default point mall goods. */
+@Component
+@RequiredArgsConstructor
+public class PointGoodInitializer implements CommandLineRunner {
+    private final PointGoodRepository pointGoodRepository;
+
+    @Override
+    public void run(String... args) {
+        if (pointGoodRepository.count() == 0) {
+            PointGood g1 = new PointGood();
+            g1.setName("GPT Plus 1 个月");
+            g1.setCost(20000);
+            g1.setImage("https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/icons/chatgpt.png");
+            pointGoodRepository.save(g1);
+
+            PointGood g2 = new PointGood();
+            g2.setName("奶茶");
+            g2.setCost(5000);
+            g2.setImage("https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/icons/coffee.png");
+            pointGoodRepository.save(g2);
+        }
+    }
+}

backend/src/main/java/com/openisle/config/SecurityConfig.java

@@ -75,9 +75,11 @@ public class SecurityConfig {
         cfg.setAllowedOrigins(List.of(
                 "http://127.0.0.1:8080",
                 "http://127.0.0.1:3000",
+                "http://127.0.0.1:3001",
                 "http://127.0.0.1",
                 "http://localhost:8080",
                 "http://localhost:3000",
+                "http://localhost:3001",
                 "http://localhost",
                 "http://30.211.97.238:3000",
                 "http://30.211.97.238",
@@ -97,11 +99,13 @@ public class SecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.csrf(csrf -> csrf.disable())
-                .cors(Customizer.withDefaults())         // 让 Spring 自带 CorsFilter 处理预检
-            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .cors(Customizer.withDefaults())
+                .headers(h -> h.frameOptions(f -> f.sameOrigin()))
+                .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .exceptionHandling(eh -> eh.accessDeniedHandler(customAccessDeniedHandler))
             .authorizeHttpRequests(auth -> auth
                     .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
+                    .requestMatchers("/api/ws/**", "/api/sockjs/**").permitAll()
                     .requestMatchers(HttpMethod.POST, "/api/auth/**").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/posts/**").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/comments/**").permitAll()
@@ -117,6 +121,9 @@ public class SecurityConfig {
                     .requestMatchers(HttpMethod.GET, "/api/reaction-types").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/activities/**").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/sitemap.xml").permitAll()
+                    .requestMatchers(HttpMethod.GET, "/api/rss").permitAll()
+                    .requestMatchers(HttpMethod.GET, "/api/point-goods").permitAll()
+                    .requestMatchers(HttpMethod.POST, "/api/point-goods").permitAll()
                     .requestMatchers(HttpMethod.POST, "/api/categories/**").hasAuthority("ADMIN")
                     .requestMatchers(HttpMethod.POST, "/api/tags/**").authenticated()
                     .requestMatchers(HttpMethod.DELETE, "/api/categories/**").hasAuthority("ADMIN")
@@ -149,7 +156,9 @@ public class SecurityConfig {
                         uri.startsWith("/api/search") || uri.startsWith("/api/users") ||
                          uri.startsWith("/api/reaction-types") || uri.startsWith("/api/config") ||
                          uri.startsWith("/api/activities") || uri.startsWith("/api/push/public-key") ||
-                         uri.startsWith("/api/sitemap.xml") || uri.startsWith("/api/medals"));
+                                uri.startsWith("/api/point-goods") ||
+                         uri.startsWith("/api/sitemap.xml") || uri.startsWith("/api/medals") ||
+                         uri.startsWith("/api/rss"));
 
                 if (authHeader != null && authHeader.startsWith("Bearer ")) {
                     String token = authHeader.substring(7);
@@ -165,7 +174,8 @@ public class SecurityConfig {
                         response.getWriter().write("{\"error\": \"Invalid or expired token\"}");
                         return;
                     }
-                } else if (!uri.startsWith("/api/auth") && !publicGet) {
+                } else if (!uri.startsWith("/api/auth") && !publicGet
+                        && !uri.startsWith("/api/ws") && !uri.startsWith("/api/sockjs")) {
                     response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                     response.setContentType("application/json");
                     response.getWriter().write("{\"error\": \"Missing token\"}");

backend/src/main/java/com/openisle/config/WebSocketConfig.java

@@ -0,0 +1,110 @@
+package com.openisle.config;
+
+import com.openisle.service.JwtService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.messaging.Message;
+import org.springframework.messaging.MessageChannel;
+import org.springframework.messaging.simp.config.ChannelRegistration;
+import org.springframework.messaging.simp.config.MessageBrokerRegistry;
+import org.springframework.messaging.simp.stomp.StompCommand;
+import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
+import org.springframework.messaging.support.ChannelInterceptor;
+import org.springframework.messaging.support.MessageHeaderAccessor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
+import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
+import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
+
+@Configuration
+@EnableWebSocketMessageBroker
+@RequiredArgsConstructor
+public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
+    
+    private final JwtService jwtService;
+    private final UserDetailsService userDetailsService;
+    @Value("${app.website-url}")
+    private String websiteUrl;
+
+    @Override
+    public void configureMessageBroker(MessageBrokerRegistry config) {
+        // Enable a simple memory-based message broker to carry the messages back to the client on destinations prefixed with "/topic" and "/queue"
+        config.enableSimpleBroker("/topic", "/queue");
+        // Set user destination prefix for personal messages
+        config.setUserDestinationPrefix("/user");
+        // Designates the "/app" prefix for messages that are bound for @MessageMapping-annotated methods.
+        config.setApplicationDestinationPrefixes("/app");
+    }
+
+    @Override
+    public void registerStompEndpoints(StompEndpointRegistry registry) {
+        // 1) 原生 WebSocket（不带 SockJS）
+        registry.addEndpoint("/api/ws")
+                .setAllowedOriginPatterns(
+                        "https://staging.open-isle.com",
+                        "https://www.staging.open-isle.com",
+                        websiteUrl,
+                        websiteUrl.replace("://www.", "://"),
+                        "http://localhost:*",
+                        "http://127.0.0.1:*",
+                        "http://192.168.7.98:*",
+                        "http://30.211.97.238:*"
+                );
+
+        // 2) SockJS 回退：单独路径
+        registry.addEndpoint("/api/sockjs")
+                .setAllowedOriginPatterns(
+                        "https://staging.open-isle.com",
+                        "https://www.staging.open-isle.com",
+                        websiteUrl,
+                        websiteUrl.replace("://www.", "://"),
+                        "http://localhost:*",
+                        "http://127.0.0.1:*",
+                        "http://192.168.7.98:*",
+                        "http://30.211.97.238:*"
+                )
+                .withSockJS()
+                .setWebSocketEnabled(true)
+                .setSessionCookieNeeded(false);
+    }
+
+
+
+    @Override
+    public void configureClientInboundChannel(ChannelRegistration registration) {
+        registration.interceptors(new ChannelInterceptor() {
+            @Override
+            public Message<?> preSend(Message<?> message, MessageChannel channel) {
+                StompHeaderAccessor accessor = MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
+                
+                if (StompCommand.CONNECT.equals(accessor.getCommand())) {
+                    System.out.println("WebSocket CONNECT command received");
+                    String authHeader = accessor.getFirstNativeHeader("Authorization");
+                    System.out.println("Authorization header: " + (authHeader != null ? "present" : "missing"));
+                    
+                    if (authHeader != null && authHeader.startsWith("Bearer ")) {
+                        String token = authHeader.substring(7);
+                        try {
+                            String username = jwtService.validateAndGetSubject(token);
+                            System.out.println("JWT validated for user: " + username);
+                            var userDetails = userDetailsService.loadUserByUsername(username);
+                            Authentication auth = new UsernamePasswordAuthenticationToken(
+                                userDetails, null, userDetails.getAuthorities());
+                            accessor.setUser(auth);
+                            System.out.println("WebSocket user set: " + username);
+                        } catch (Exception e) {
+                            System.err.println("JWT validation failed: " + e.getMessage());
+                        }
+                    }
+                } else if (StompCommand.SUBSCRIBE.equals(accessor.getCommand())) {
+                    System.out.println("WebSocket SUBSCRIBE to: " + accessor.getDestination());
+                    System.out.println("WebSocket user during subscribe: " + (accessor.getUser() != null ? accessor.getUser().getName() : "null"));
+                }
+                return message;
+            }
+        });
+    }
+}

backend/src/main/java/com/openisle/controller/AdminPostController.java

@@ -45,4 +45,14 @@ public class AdminPostController {
     public PostSummaryDto unpin(@PathVariable Long id) {
         return postMapper.toSummaryDto(postService.unpinPost(id));
     }
+
+    @PostMapping("/{id}/rss-exclude")
+    public PostSummaryDto excludeFromRss(@PathVariable Long id) {
+        return postMapper.toSummaryDto(postService.excludeFromRss(id));
+    }
+
+    @PostMapping("/{id}/rss-include")
+    public PostSummaryDto includeInRss(@PathVariable Long id) {
+        return postMapper.toSummaryDto(postService.includeInRss(id));
+    }
 }

backend/src/main/java/com/openisle/controller/AuthController.java

@@ -29,6 +29,7 @@ public class AuthController {
     private final RegisterModeService registerModeService;
     private final NotificationService notificationService;
     private final UserRepository userRepository;
+    private final InviteService inviteService;
 
 
     @Value("${app.captcha.enabled:false}")
@@ -45,6 +46,27 @@ public class AuthController {
         if (captchaEnabled && registerCaptchaEnabled && !captchaService.verify(req.getCaptcha())) {
             return ResponseEntity.badRequest().body(Map.of("error", "Invalid captcha"));
         }
+        if (req.getInviteToken() != null && !req.getInviteToken().isEmpty()) {
+            InviteService.InviteValidateResult result = inviteService.validate(req.getInviteToken());
+            if (!result.isValidate()) {
+                return ResponseEntity.badRequest().body(Map.of("error", "邀请码使用次数过多"));
+            }
+            try {
+                User user = userService.registerWithInvite(
+                        req.getUsername(), req.getEmail(), req.getPassword());
+                inviteService.consume(req.getInviteToken(), user.getUsername());
+                emailService.sendEmail(user.getEmail(), "在网站填写验证码以验证", "您的验证码是 " + user.getVerificationCode());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(user.getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
+            } catch (FieldException e) {
+                return ResponseEntity.badRequest().body(Map.of(
+                        "field", e.getField(),
+                        "error", e.getMessage()
+                ));
+            }
+        }
         User user = userService.register(
                 req.getUsername(), req.getEmail(), req.getPassword(), "", registerModeService.getRegisterMode());
         emailService.sendEmail(user.getEmail(), "在网站填写验证码以验证", "您的验证码是 " + user.getVerificationCode());
@@ -58,10 +80,26 @@ public class AuthController {
     public ResponseEntity<?> verify(@RequestBody VerifyRequest req) {
         boolean ok = userService.verifyCode(req.getUsername(), req.getCode());
         if (ok) {
-            return ResponseEntity.ok(Map.of(
-                    "message", "Verified",
-                    "token", jwtService.generateReasonToken(req.getUsername())
-            ));
+            Optional<User> userOpt = userService.findByUsername(req.getUsername());
+            if (userOpt.isEmpty()) {
+                return ResponseEntity.badRequest().body(Map.of("error", "Invalid credentials"));
+            }
+
+            User user = userOpt.get();
+
+            if (user.isApproved()) {
+                return ResponseEntity.ok(Map.of(
+                        "message", "Verified and isApproved",
+                        "reason_code", "VERIFIED_AND_APPROVED",
+                        "token", jwtService.generateToken(req.getUsername())
+                ));
+            } else {
+                return ResponseEntity.ok(Map.of(
+                        "message", "Verified",
+                        "reason_code", "VERIFIED",
+                        "token", jwtService.generateReasonToken(req.getUsername())
+                ));
+            }
         }
         return ResponseEntity.badRequest().body(Map.of("error", "Invalid verification code"));
     }
@@ -106,27 +144,43 @@ public class AuthController {
 
     @PostMapping("/google")
     public ResponseEntity<?> loginWithGoogle(@RequestBody GoogleLoginRequest req) {
-        Optional<User> user = googleAuthService.authenticate(req.getIdToken(), registerModeService.getRegisterMode());
-        if (user.isPresent()) {
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
+        if (viaInvite && !inviteValidateResult.isValidate()) {
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
+        }
+        Optional<AuthResult> resultOpt = googleAuthService.authenticate(
+                req.getIdToken(),
+                registerModeService.getRegisterMode(),
+                viaInvite);
+        if (resultOpt.isPresent()) {
+            AuthResult result = resultOpt.get();
+            if (viaInvite && result.isNewUser()) {
+                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(result.getUser().getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
             }
-            if (!user.get().isApproved()) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
+            }
+            if (!result.getUser().isApproved()) {
+                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                     return ResponseEntity.badRequest().body(Map.of(
                             "error", "Account awaiting approval",
                             "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                     ));
                 }
                 return ResponseEntity.badRequest().body(Map.of(
                         "error", "Account awaiting approval",
                         "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                 ));
             }
 
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
         }
         return ResponseEntity.badRequest().body(Map.of(
                 "error", "Invalid google token",
@@ -165,28 +219,45 @@ public class AuthController {
 
     @PostMapping("/github")
     public ResponseEntity<?> loginWithGithub(@RequestBody GithubLoginRequest req) {
-        Optional<User> user = githubAuthService.authenticate(req.getCode(), registerModeService.getRegisterMode(), req.getRedirectUri());
-        if (user.isPresent()) {
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
+        if (viaInvite && !inviteValidateResult.isValidate()) {
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
+        }
+        Optional<AuthResult> resultOpt = githubAuthService.authenticate(
+                req.getCode(),
+                registerModeService.getRegisterMode(),
+                req.getRedirectUri(),
+                viaInvite);
+        if (resultOpt.isPresent()) {
+            AuthResult result = resultOpt.get();
+            if (viaInvite && result.isNewUser()) {
+                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(result.getUser().getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
             }
-            if (!user.get().isApproved()) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
+            }
+            if (!result.getUser().isApproved()) {
+                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                     // 已填写注册理由
                     return ResponseEntity.badRequest().body(Map.of(
                             "error", "Account awaiting approval",
                             "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                     ));
                 }
                 return ResponseEntity.badRequest().body(Map.of(
                         "error", "Account awaiting approval",
                         "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                 ));
             }
 
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
         }
         return ResponseEntity.badRequest().body(Map.of(
                 "error", "Invalid github code",
@@ -196,27 +267,44 @@ public class AuthController {
 
     @PostMapping("/discord")
     public ResponseEntity<?> loginWithDiscord(@RequestBody DiscordLoginRequest req) {
-        Optional<User> user = discordAuthService.authenticate(req.getCode(), registerModeService.getRegisterMode(), req.getRedirectUri());
-        if (user.isPresent()) {
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
+        if (viaInvite && !inviteValidateResult.isValidate()) {
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
+        }
+        Optional<AuthResult> resultOpt = discordAuthService.authenticate(
+                req.getCode(),
+                registerModeService.getRegisterMode(),
+                req.getRedirectUri(),
+                viaInvite);
+        if (resultOpt.isPresent()) {
+            AuthResult result = resultOpt.get();
+            if (viaInvite && result.isNewUser()) {
+                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(result.getUser().getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
             }
-            if (!user.get().isApproved()) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
+            }
+            if (!result.getUser().isApproved()) {
+                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                     return ResponseEntity.badRequest().body(Map.of(
                             "error", "Account awaiting approval",
                             "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                     ));
                 }
                 return ResponseEntity.badRequest().body(Map.of(
                         "error", "Account awaiting approval",
                         "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                 ));
             }
 
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
         }
         return ResponseEntity.badRequest().body(Map.of(
                 "error", "Invalid discord code",
@@ -226,31 +314,45 @@ public class AuthController {
       
     @PostMapping("/twitter")
     public ResponseEntity<?> loginWithTwitter(@RequestBody TwitterLoginRequest req) {
-        Optional<User> user = twitterAuthService.authenticate(
+        boolean viaInvite = req.getInviteToken() != null && !req.getInviteToken().isEmpty();
+        InviteService.InviteValidateResult inviteValidateResult = inviteService.validate(req.getInviteToken());
+        if (viaInvite && !inviteValidateResult.isValidate()) {
+            return ResponseEntity.badRequest().body(Map.of("error", "Invalid invite token"));
+        }
+        Optional<AuthResult> resultOpt = twitterAuthService.authenticate(
                 req.getCode(),
                 req.getCodeVerifier(),
                 registerModeService.getRegisterMode(),
-                req.getRedirectUri());
-        if (user.isPresent()) {
-            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
-                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+                req.getRedirectUri(),
+                viaInvite);
+        if (resultOpt.isPresent()) {
+            AuthResult result = resultOpt.get();
+            if (viaInvite && result.isNewUser()) {
+                inviteService.consume(req.getInviteToken(), inviteValidateResult.getInviteToken().getInviter().getUsername());
+                return ResponseEntity.ok(Map.of(
+                        "token", jwtService.generateToken(result.getUser().getUsername()),
+                        "reason_code", "INVITE_APPROVED"
+                ));
             }
-            if (!user.get().isApproved()) {
-                if (user.get().getRegisterReason() != null && !user.get().getRegisterReason().isEmpty()) {
+            if (RegisterMode.DIRECT.equals(registerModeService.getRegisterMode())) {
+                return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
+            }
+            if (!result.getUser().isApproved()) {
+                if (result.getUser().getRegisterReason() != null && !result.getUser().getRegisterReason().isEmpty()) {
                     return ResponseEntity.badRequest().body(Map.of(
                             "error", "Account awaiting approval",
                             "reason_code", "IS_APPROVING",
-                            "token", jwtService.generateReasonToken(user.get().getUsername())
+                            "token", jwtService.generateReasonToken(result.getUser().getUsername())
                     ));
                 }
                 return ResponseEntity.badRequest().body(Map.of(
                         "error", "Account awaiting approval",
                         "reason_code", "NOT_APPROVED",
-                        "token", jwtService.generateReasonToken(user.get().getUsername())
+                        "token", jwtService.generateReasonToken(result.getUser().getUsername())
                 ));
             }
 
-            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(user.get().getUsername())));
+            return ResponseEntity.ok(Map.of("token", jwtService.generateToken(result.getUser().getUsername())));
         }
         return ResponseEntity.badRequest().body(Map.of(
                 "error", "Invalid twitter code",

backend/src/main/java/com/openisle/controller/ChannelController.java

@@ -0,0 +1,35 @@
+package com.openisle.controller;
+
+import com.openisle.dto.ChannelDto;
+import com.openisle.model.User;
+import com.openisle.repository.UserRepository;
+import com.openisle.service.ChannelService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/channels")
+@RequiredArgsConstructor
+public class ChannelController {
+    private final ChannelService channelService;
+    private final UserRepository userRepository;
+
+    private Long getCurrentUserId(Authentication auth) {
+        User user = userRepository.findByUsername(auth.getName())
+                .orElseThrow(() -> new IllegalArgumentException("User not found"));
+        return user.getId();
+    }
+
+    @GetMapping
+    public List<ChannelDto> listChannels(Authentication auth) {
+        return channelService.listChannels(getCurrentUserId(auth));
+    }
+
+    @PostMapping("/{channelId}/join")
+    public ChannelDto joinChannel(@PathVariable Long channelId, Authentication auth) {
+        return channelService.joinChannel(channelId, getCurrentUserId(auth));
+    }
+}

backend/src/main/java/com/openisle/controller/CommentController.java

@@ -47,7 +47,7 @@ public class CommentController {
         Comment comment = commentService.addComment(auth.getName(), postId, req.getContent());
         CommentDto dto = commentMapper.toDto(comment);
         dto.setReward(levelService.awardForComment(auth.getName()));
-        dto.setPointReward(pointService.awardForComment(auth.getName(),postId));
+        dto.setPointReward(pointService.awardForComment(auth.getName(), postId, comment.getId()));
         log.debug("createComment succeeded for comment {}", comment.getId());
         return ResponseEntity.ok(dto);
     }

backend/src/main/java/com/openisle/controller/InviteController.java

@@ -0,0 +1,23 @@
+package com.openisle.controller;
+
+import com.openisle.service.InviteService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Map;
+
+@RestController
+@RequestMapping("/api/invite")
+@RequiredArgsConstructor
+public class InviteController {
+    private final InviteService inviteService;
+
+    @PostMapping("/generate")
+    public Map<String, String> generate(Authentication auth) {
+        String token = inviteService.generate(auth.getName());
+        return Map.of("token", token);
+    }
+}

backend/src/main/java/com/openisle/controller/MessageController.java

@@ -0,0 +1,137 @@
+package com.openisle.controller;
+
+import com.openisle.dto.ConversationDetailDto;
+import com.openisle.dto.ConversationDto;
+import com.openisle.dto.CreateConversationRequest;
+import com.openisle.dto.CreateConversationResponse;
+import com.openisle.dto.MessageDto;
+import com.openisle.dto.UserSummaryDto;
+import com.openisle.model.Message;
+import com.openisle.model.MessageConversation;
+import com.openisle.model.User;
+import com.openisle.repository.UserRepository;
+import com.openisle.service.MessageService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.PageRequest;
+import org.springframework.data.domain.Pageable;
+import org.springframework.data.domain.Sort;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/messages")
+@RequiredArgsConstructor
+public class MessageController {
+
+    private final MessageService messageService;
+    private final UserRepository userRepository;
+
+    // This is a placeholder for getting the current user's ID
+    private Long getCurrentUserId(Authentication auth) {
+        User user = userRepository.findByUsername(auth.getName()).orElseThrow(() -> new IllegalArgumentException("Sender not found"));
+        // In a real application, you would get this from the Authentication object
+        return user.getId();
+    }
+
+    @GetMapping("/conversations")
+    public ResponseEntity<List<ConversationDto>> getConversations(Authentication auth) {
+        List<ConversationDto> conversations = messageService.getConversations(getCurrentUserId(auth));
+        return ResponseEntity.ok(conversations);
+    }
+
+    @GetMapping("/conversations/{conversationId}")
+    public ResponseEntity<ConversationDetailDto> getMessages(@PathVariable Long conversationId,
+                                                               @RequestParam(defaultValue = "0") int page,
+                                                               @RequestParam(defaultValue = "20") int size,
+                                                               Authentication auth) {
+        Pageable pageable = PageRequest.of(page, size, Sort.by("createdAt").descending());
+        ConversationDetailDto conversationDetails = messageService.getConversationDetails(conversationId, getCurrentUserId(auth), pageable);
+        return ResponseEntity.ok(conversationDetails);
+    }
+
+    @PostMapping
+    public ResponseEntity<MessageDto> sendMessage(@RequestBody MessageRequest req, Authentication auth) {
+        Message message = messageService.sendMessage(getCurrentUserId(auth), req.getRecipientId(), req.getContent());
+        return ResponseEntity.ok(toDto(message));
+    }
+
+    @PostMapping("/conversations/{conversationId}/messages")
+    public ResponseEntity<MessageDto> sendMessageToConversation(@PathVariable Long conversationId,
+                                                                @RequestBody ChannelMessageRequest req,
+                                                                Authentication auth) {
+        Message message = messageService.sendMessageToConversation(getCurrentUserId(auth), conversationId, req.getContent());
+        return ResponseEntity.ok(toDto(message));
+    }
+
+    @PostMapping("/conversations/{conversationId}/read")
+    public ResponseEntity<Void> markAsRead(@PathVariable Long conversationId, Authentication auth) {
+        messageService.markConversationAsRead(conversationId, getCurrentUserId(auth));
+        return ResponseEntity.ok().build();
+    }
+
+    @PostMapping("/conversations")
+    public ResponseEntity<CreateConversationResponse> findOrCreateConversation(@RequestBody CreateConversationRequest req, Authentication auth) {
+        MessageConversation conversation = messageService.findOrCreateConversation(getCurrentUserId(auth), req.getRecipientId());
+        return ResponseEntity.ok(new CreateConversationResponse(conversation.getId()));
+    }
+
+    private MessageDto toDto(Message message) {
+        MessageDto dto = new MessageDto();
+        dto.setId(message.getId());
+        dto.setContent(message.getContent());
+        dto.setCreatedAt(message.getCreatedAt());
+
+        dto.setConversationId(message.getConversation().getId());
+
+        UserSummaryDto senderDto = new UserSummaryDto();
+        senderDto.setId(message.getSender().getId());
+        senderDto.setUsername(message.getSender().getUsername());
+        senderDto.setAvatar(message.getSender().getAvatar());
+        dto.setSender(senderDto);
+
+        return dto;
+    }
+
+    @GetMapping("/unread-count")
+    public ResponseEntity<Long> getUnreadCount(Authentication auth) {
+        return ResponseEntity.ok(messageService.getUnreadMessageCount(getCurrentUserId(auth)));
+    }
+
+    // A simple request DTO
+    static class MessageRequest {
+        private Long recipientId;
+        private String content;
+
+        public Long getRecipientId() {
+            return recipientId;
+        }
+
+        public void setRecipientId(Long recipientId) {
+            this.recipientId = recipientId;
+        }
+
+        public String getContent() {
+            return content;
+        }
+
+        public void setContent(String content) {
+            this.content = content;
+        }
+    }
+
+    static class ChannelMessageRequest {
+        private String content;
+
+        public String getContent() {
+            return content;
+        }
+
+        public void setContent(String content) {
+            this.content = content;
+        }
+    }
+}

backend/src/main/java/com/openisle/controller/NotificationController.java

@@ -23,9 +23,19 @@ public class NotificationController {
     private final NotificationMapper notificationMapper;
 
     @GetMapping
-    public List<NotificationDto> list(@RequestParam(value = "read", required = false) Boolean read,
+    public List<NotificationDto> list(@RequestParam(value = "page", defaultValue = "0") int page,
+                                      @RequestParam(value = "size", defaultValue = "30") int size,
                                       Authentication auth) {
-        return notificationService.listNotifications(auth.getName(), read).stream()
+        return notificationService.listNotifications(auth.getName(), null, page, size).stream()
+                .map(notificationMapper::toDto)
+                .collect(Collectors.toList());
+    }
+
+    @GetMapping("/unread")
+    public List<NotificationDto> listUnread(@RequestParam(value = "page", defaultValue = "0") int page,
+                                            @RequestParam(value = "size", defaultValue = "30") int size,
+                                            Authentication auth) {
+        return notificationService.listNotifications(auth.getName(), false, page, size).stream()
                 .map(notificationMapper::toDto)
                 .collect(Collectors.toList());
     }

backend/src/main/java/com/openisle/controller/PointHistoryController.java

@@ -0,0 +1,28 @@
+package com.openisle.controller;
+
+import com.openisle.dto.PointHistoryDto;
+import com.openisle.mapper.PointHistoryMapper;
+import com.openisle.service.PointService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+@RestController
+@RequestMapping("/api/point-histories")
+@RequiredArgsConstructor
+public class PointHistoryController {
+    private final PointService pointService;
+    private final PointHistoryMapper pointHistoryMapper;
+
+    @GetMapping
+    public List<PointHistoryDto> list(Authentication auth) {
+        return pointService.listHistory(auth.getName()).stream()
+                .map(pointHistoryMapper::toDto)
+                .collect(Collectors.toList());
+    }
+}

backend/src/main/java/com/openisle/controller/PointMallController.java

@@ -0,0 +1,39 @@
+package com.openisle.controller;
+
+import com.openisle.dto.PointGoodDto;
+import com.openisle.dto.PointRedeemRequest;
+import com.openisle.mapper.PointGoodMapper;
+import com.openisle.model.User;
+import com.openisle.service.PointMallService;
+import com.openisle.service.UserService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+/** REST controller for point mall. */
+@RestController
+@RequestMapping("/api/point-goods")
+@RequiredArgsConstructor
+public class PointMallController {
+    private final PointMallService pointMallService;
+    private final UserService userService;
+    private final PointGoodMapper pointGoodMapper;
+
+    @GetMapping
+    public List<PointGoodDto> list() {
+        return pointMallService.listGoods().stream()
+                .map(pointGoodMapper::toDto)
+                .collect(Collectors.toList());
+    }
+
+    @PostMapping("/redeem")
+    public Map<String, Integer> redeem(@RequestBody PointRedeemRequest req, Authentication auth) {
+        User user = userService.findByIdentifier(auth.getName()).orElseThrow();
+        int point = pointMallService.redeem(user, req.getGoodId(), req.getContact());
+        return Map.of("point", point);
+    }
+}

backend/src/main/java/com/openisle/controller/PostController.java

@@ -45,7 +45,7 @@ public class PostController {
         draftService.deleteDraft(auth.getName());
         PostDetailDto dto = postMapper.toDetailDto(post, auth.getName());
         dto.setReward(levelService.awardForPost(auth.getName()));
-        dto.setPointReward(pointService.awardForPost(auth.getName()));
+        dto.setPointReward(pointService.awardForPost(auth.getName(), post.getId()));
         return ResponseEntity.ok(dto);
     }
 
@@ -62,6 +62,16 @@ public class PostController {
         postService.deletePost(id, auth.getName());
     }
 
+    @PostMapping("/{id}/close")
+    public PostSummaryDto close(@PathVariable Long id, Authentication auth) {
+        return postMapper.toSummaryDto(postService.closePost(id, auth.getName()));
+    }
+
+    @PostMapping("/{id}/reopen")
+    public PostSummaryDto reopen(@PathVariable Long id, Authentication auth) {
+        return postMapper.toSummaryDto(postService.reopenPost(id, auth.getName()));
+    }
+
     @GetMapping("/{id}")
     public ResponseEntity<PostDetailDto> getPost(@PathVariable Long id, Authentication auth) {
         String viewer = auth != null ? auth.getName() : null;
@@ -161,4 +171,27 @@ public class PostController {
         return postService.listPostsByLatestReply(ids, tids, page, pageSize)
                 .stream().map(postMapper::toSummaryDto).collect(Collectors.toList());
     }
+
+    @GetMapping("/featured")
+    public List<PostSummaryDto> featuredPosts(@RequestParam(value = "categoryId", required = false) Long categoryId,
+                                       @RequestParam(value = "categoryIds", required = false) List<Long> categoryIds,
+                                       @RequestParam(value = "tagId", required = false) Long tagId,
+                                       @RequestParam(value = "tagIds", required = false) List<Long> tagIds,
+                                       @RequestParam(value = "page", required = false) Integer page,
+                                       @RequestParam(value = "pageSize", required = false) Integer pageSize,
+                                       Authentication auth) {
+        List<Long> ids = categoryIds;
+        if (categoryId != null) {
+            ids = java.util.List.of(categoryId);
+        }
+        List<Long> tids = tagIds;
+        if (tagId != null) {
+            tids = java.util.List.of(tagId);
+        }
+        if (auth != null) {
+            userVisitService.recordVisit(auth.getName());
+        }
+        return postService.listFeaturedPosts(ids, tids, page, pageSize)
+                .stream().map(postMapper::toSummaryDto).collect(Collectors.toList());
+    }
 }

backend/src/main/java/com/openisle/controller/RssController.java

@@ -0,0 +1,352 @@
+package com.openisle.controller;
+
+import com.openisle.model.Post;
+import com.openisle.model.Comment;
+import com.openisle.model.CommentSort;
+import com.openisle.service.PostService;
+import com.openisle.service.CommentService;
+import lombok.RequiredArgsConstructor;
+import org.jsoup.Jsoup;
+import org.jsoup.nodes.Document;
+import org.jsoup.nodes.Element;
+import org.jsoup.safety.Safelist;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.vladsch.flexmark.ext.autolink.AutolinkExtension;
+import com.vladsch.flexmark.ext.tables.TablesExtension;
+import com.vladsch.flexmark.ext.gfm.strikethrough.StrikethroughExtension;
+import com.vladsch.flexmark.ext.gfm.tasklist.TaskListExtension;
+import com.vladsch.flexmark.html.HtmlRenderer;
+import com.vladsch.flexmark.parser.Parser;
+import com.vladsch.flexmark.util.data.MutableDataSet;
+
+import java.net.URI;
+import java.time.ZoneId;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.*;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@RestController
+@RequiredArgsConstructor
+public class RssController {
+    private final PostService postService;
+    private final CommentService commentService;
+
+    @Value("${app.website-url:https://www.open-isle.com}")
+    private String websiteUrl;
+
+    // 兼容 Markdown/HTML 两类图片写法（用于 enclosure）
+    private static final Pattern MD_IMAGE = Pattern.compile("!\\[[^\\]]*\\]\\(([^)]+)\\)");
+    private static final Pattern HTML_IMAGE = Pattern.compile("<img[^>]+src=[\"']?([^\"'>]+)[\"']?[^>]*>");
+
+    private static final DateTimeFormatter RFC1123 = DateTimeFormatter.RFC_1123_DATE_TIME;
+
+    // flexmark：Markdown -> HTML
+    private static final Parser MD_PARSER;
+    private static final HtmlRenderer MD_RENDERER;
+    static {
+        MutableDataSet opts = new MutableDataSet();
+        opts.set(Parser.EXTENSIONS, Arrays.asList(
+                TablesExtension.create(),
+                AutolinkExtension.create(),
+                StrikethroughExtension.create(),
+                TaskListExtension.create()
+        ));
+        // 允许内联 HTML（下游再做 sanitize）
+        opts.set(Parser.HTML_BLOCK_PARSER, true);
+        MD_PARSER = Parser.builder(opts).build();
+        MD_RENDERER = HtmlRenderer.builder(opts).escapeHtml(false).build();
+    }
+
+    @GetMapping(value = "/api/rss", produces = "application/rss+xml;charset=UTF-8")
+    public String feed() {
+        // 建议 20；你现在是 10，这里保留你的 10
+        List<Post> posts = postService.listLatestRssPosts(10);
+        String base = trimTrailingSlash(websiteUrl);
+
+        StringBuilder sb = new StringBuilder(4096);
+        sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
+        sb.append("<rss version=\"2.0\" xmlns:content=\"http://purl.org/rss/1.0/modules/content/\">");
+        sb.append("<channel>");
+        elem(sb, "title", cdata("OpenIsle RSS"));
+        elem(sb, "link", base + "/");
+        elem(sb, "description", cdata("Latest posts"));
+        ZonedDateTime updated = posts.stream()
+                .map(p -> p.getCreatedAt().atZone(ZoneId.systemDefault()))
+                .max(Comparator.naturalOrder())
+                .orElse(ZonedDateTime.now());
+        // channel lastBuildDate（GMT）
+        elem(sb, "lastBuildDate", toRfc1123Gmt(updated));
+
+        for (Post p : posts) {
+            String link = base + "/posts/" + p.getId();
+
+            // 1) Markdown -> HTML
+            String html = renderMarkdown(p.getContent());
+
+            // 2) Sanitize（白名单增强）
+            String safeHtml = sanitizeHtml(html);
+
+            // 3) 绝对化 href/src + 强制 rel/target
+            String absHtml = absolutifyHtml(safeHtml, base);
+
+            // 4) 纯文本摘要（用于 <description>）
+            String plain = textSummary(absHtml, 180);
+
+            // 5) enclosure（首图，已绝对化）
+            String enclosure = firstImage(p.getContent());
+            if (enclosure == null) {
+                // 如果 Markdown 没有图，尝试从渲染后的 HTML 再抓一次
+                enclosure = firstImage(absHtml);
+            }
+            if (enclosure != null) {
+                enclosure = absolutifyUrl(enclosure, base);
+            }
+
+            // 6) 构造优雅的附加区块（原文链接 + 精选评论），编入 <content:encoded>
+            List<Comment> topComments = commentService
+                    .getCommentsForPost(p.getId(), CommentSort.MOST_INTERACTIONS);
+            topComments = topComments.subList(0, Math.min(10, topComments.size()));
+            String footerHtml = buildFooterHtml(base, link, topComments);
+
+            sb.append("<item>");
+            elem(sb, "title", cdata(nullSafe(p.getTitle())));
+            elem(sb, "link", link);
+            sb.append("<guid isPermaLink=\"true\">").append(link).append("</guid>");
+            elem(sb, "pubDate", toRfc1123Gmt(p.getCreatedAt().atZone(ZoneId.systemDefault())));
+            // 摘要
+            elem(sb, "description", cdata(plain));
+            // 全文（HTML）：正文 + 优雅的 Markdown 区块（已转 HTML）
+            sb.append("<content:encoded><![CDATA[")
+                    .append(absHtml)
+                    .append(footerHtml)
+                    .append("]]></content:encoded>");
+            // 首图 enclosure（图片类型）
+            if (enclosure != null) {
+                sb.append("<enclosure url=\"").append(escapeXml(enclosure)).append("\" type=\"")
+                        .append(getMimeType(enclosure)).append("\" />");
+            }
+            sb.append("</item>");
+        }
+
+        sb.append("</channel></rss>");
+        return sb.toString();
+    }
+
+    /* ===================== Markdown → HTML ===================== */
+
+    private static String renderMarkdown(String md) {
+        if (md == null || md.isEmpty()) return "";
+        return MD_RENDERER.render(MD_PARSER.parse(md));
+    }
+
+    /* ===================== Sanitize & 绝对化 ===================== */
+
+    private static String sanitizeHtml(String html) {
+        if (html == null) return "";
+        Safelist wl = Safelist.relaxed()
+                .addTags(
+                        "pre","code","figure","figcaption","picture","source",
+                        "table","thead","tbody","tr","th","td",
+                        "h1","h2","h3","h4","h5","h6",
+                        "hr","blockquote"
+                )
+                .addAttributes("a", "href", "title", "target", "rel")
+                .addAttributes("img", "src", "alt", "title", "width", "height")
+                .addAttributes("source", "srcset", "type", "media")
+                .addAttributes("code", "class")
+                .addAttributes("pre", "class")
+                .addProtocols("a", "href", "http", "https", "mailto")
+                .addProtocols("img", "src", "http", "https", "data")
+                .addProtocols("source", "srcset", "http", "https");
+        // 清除所有 on* 事件、style（避免阅读器环境差异）
+        return Jsoup.clean(html, wl);
+    }
+
+    private static String absolutifyHtml(String html, String baseUrl) {
+        if (html == null || html.isEmpty()) return "";
+        Document doc = Jsoup.parseBodyFragment(html, baseUrl);
+        // a[href]
+        for (Element a : doc.select("a[href]")) {
+            String href = a.attr("href");
+            String abs = absolutifyUrl(href, baseUrl);
+            a.attr("href", abs);
+            // 强制外链安全属性
+            a.attr("rel", "noopener noreferrer nofollow");
+            a.attr("target", "_blank");
+        }
+        // img[src]
+        for (Element img : doc.select("img[src]")) {
+            String src = img.attr("src");
+            String abs = absolutifyUrl(src, baseUrl);
+            img.attr("src", abs);
+        }
+        // source[srcset] （picture/webp）
+        for (Element s : doc.select("source[srcset]")) {
+            String srcset = s.attr("srcset");
+            s.attr("srcset", absolutifySrcset(srcset, baseUrl));
+        }
+        return doc.body().html();
+    }
+
+    private static String absolutifyUrl(String url, String baseUrl) {
+        if (url == null || url.isEmpty()) return url;
+        String u = url.trim();
+        if (u.startsWith("//")) {
+            return "https:" + u;
+        }
+        if (u.startsWith("#")) {
+            // 保留页面内锚点：拼接到首页（也可拼接到当前帖子的 link，但此处无上下文）
+            return baseUrl + "/" + u;
+        }
+        try {
+            URI base = URI.create(ensureTrailingSlash(baseUrl));
+            URI abs = base.resolve(u);
+            return abs.toString();
+        } catch (Exception e) {
+            return url;
+        }
+    }
+
+    private static String absolutifySrcset(String srcset, String baseUrl) {
+        if (srcset == null || srcset.isEmpty()) return srcset;
+        String[] parts = srcset.split(",");
+        List<String> out = new ArrayList<>(parts.length);
+        for (String part : parts) {
+            String p = part.trim();
+            if (p.isEmpty()) continue;
+            String[] seg = p.split("\\s+");
+            String url = seg[0];
+            String size = seg.length > 1 ? seg[1] : "";
+            out.add(absolutifyUrl(url, baseUrl) + (size.isEmpty() ? "" : " " + size));
+        }
+        return String.join(", ", out);
+    }
+
+    /* ===================== 摘要 & enclosure ===================== */
+
+    private static String textSummary(String html, int maxLen) {
+        if (html == null) return "";
+        String text = Jsoup.parse(html).text().replaceAll("\\s+", " ").trim();
+        if (text.length() <= maxLen) return text;
+        return text.substring(0, maxLen) + "…";
+    }
+
+    private String firstImage(String content) {
+        if (content == null) return null;
+        Matcher m = MD_IMAGE.matcher(content);
+        if (m.find()) return m.group(1);
+        m = HTML_IMAGE.matcher(content);
+        if (m.find()) return m.group(1);
+        // 再从纯 HTML 里解析一次（如果传入的是渲染后的）
+        try {
+            Document doc = Jsoup.parse(content);
+            Element img = doc.selectFirst("img[src]");
+            if (img != null) return img.attr("src");
+        } catch (Exception ignored) {}
+        return null;
+    }
+
+    private static String getMimeType(String url) {
+        String lower = url == null ? "" : url.toLowerCase(Locale.ROOT);
+        if (lower.endsWith(".png"))  return "image/png";
+        if (lower.endsWith(".gif"))  return "image/gif";
+        if (lower.endsWith(".webp")) return "image/webp";
+        if (lower.endsWith(".svg"))  return "image/svg+xml";
+        if (lower.endsWith(".avif")) return "image/avif";
+        if (lower.endsWith(".jpg") || lower.endsWith(".jpeg")) return "image/jpeg";
+        // 默认兜底
+        return "image/jpeg";
+    }
+
+    /* ===================== 附加区块（原文链接 + 精选评论） ===================== */
+
+    /**
+     * 将“原文链接 + 精选评论（最多 10 条）”以优雅的 Markdown 形式渲染为 HTML，
+     * 并做 sanitize + 绝对化，然后拼入 content:encoded 尾部。
+     */
+    private static String buildFooterHtml(String baseUrl, String originalLink, List<Comment> topComments) {
+        StringBuilder md = new StringBuilder(256);
+
+        // 分割线
+        md.append("\n\n---\n\n");
+
+        // 原文链接（强调 + 可点击）
+        md.append("**原文链接：** ")
+                .append("[").append(originalLink).append("](").append(originalLink).append(")")
+                .append("\n\n");
+
+        // 精选评论（仅当有评论时展示）
+        if (topComments != null && !topComments.isEmpty()) {
+            md.append("### 精选评论（Top ").append(Math.min(10, topComments.size())).append("）\n\n");
+            for (Comment c : topComments) {
+                String author = usernameOf(c);
+                String content = nullSafe(c.getContent()).replace("\r", "");
+                // 使用引用样式展示，提升可读性
+                md.append("> @").append(author).append(": ").append(content).append("\n\n");
+            }
+        }
+
+        // 渲染为 HTML，并保持和正文一致的处理流程
+        String html = renderMarkdown(md.toString());
+        String safe = sanitizeHtml(html);
+        return absolutifyHtml(safe, baseUrl);
+    }
+
+    private static String usernameOf(Comment c) {
+        if (c == null) return "匿名";
+        try {
+            Object authorObj = c.getAuthor();
+            if (authorObj == null) return "匿名";
+            // 反射避免直接依赖实体字段名变化（也可直接强转到具体类型）
+            String username;
+            try {
+                username = (String) authorObj.getClass().getMethod("getUsername").invoke(authorObj);
+            } catch (Exception e) {
+                username = null;
+            }
+            if (username == null || username.isEmpty()) return "匿名";
+            return username;
+        } catch (Exception ignored) {
+            return "匿名";
+        }
+    }
+
+    /* ===================== 时间/字符串/XML ===================== */
+
+    private static String toRfc1123Gmt(ZonedDateTime zdt) {
+        return zdt.withZoneSameInstant(ZoneId.of("GMT")).format(RFC1123);
+    }
+
+    private static String cdata(String s) {
+        if (s == null) return "<![CDATA[]]>";
+        // 防止出现 "]]>" 终止标记破坏 CDATA
+        return "<![CDATA[" + s.replace("]]>", "]]]]><![CDATA[>") + "]]>";
+    }
+
+    private static void elem(StringBuilder sb, String name, String value) {
+        sb.append('<').append(name).append('>').append(value).append("</").append(name).append('>');
+    }
+
+    private static String escapeXml(String s) {
+        if (s == null) return "";
+        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
+                .replace("\"", "&quot;").replace("'", "&apos;");
+    }
+
+    private static String trimTrailingSlash(String s) {
+        if (s == null) return "";
+        return s.endsWith("/") ? s.substring(0, s.length() - 1) : s;
+    }
+
+    private static String ensureTrailingSlash(String s) {
+        if (s == null || s.isEmpty()) return "/";
+        return s.endsWith("/") ? s : s + "/";
+    }
+
+    private static String nullSafe(String s) { return s == null ? "" : s; }
+}

backend/src/main/java/com/openisle/dto/ChannelDto.java

@@ -0,0 +1,16 @@
+package com.openisle.dto;
+
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class ChannelDto {
+    private Long id;
+    private String name;
+    private String description;
+    private String avatar;
+    private long memberCount;
+    private boolean joined;
+    private long unreadCount;
+}

backend/src/main/java/com/openisle/dto/ConversationDetailDto.java

@@ -0,0 +1,16 @@
+package com.openisle.dto;
+
+import lombok.Data;
+import org.springframework.data.domain.Page;
+
+import java.util.List;
+
+@Data
+public class ConversationDetailDto {
+    private Long id;
+    private String name;
+    private boolean channel;
+    private String avatar;
+    private List<UserSummaryDto> participants;
+    private Page<MessageDto> messages;
+}

backend/src/main/java/com/openisle/dto/ConversationDto.java

@@ -0,0 +1,20 @@
+package com.openisle.dto;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+import java.util.List;
+
+@Getter
+@Setter
+public class ConversationDto {
+    private Long id;
+    private String name;
+    private boolean channel;
+    private String avatar;
+    private MessageDto lastMessage;
+    private List<UserSummaryDto> participants;
+    private LocalDateTime createdAt;
+    private long unreadCount;
+}

backend/src/main/java/com/openisle/dto/CreateConversationRequest.java

@@ -0,0 +1,8 @@
+package com.openisle.dto;
+
+import lombok.Data;
+
+@Data
+public class CreateConversationRequest {
+    private Long recipientId;
+}

backend/src/main/java/com/openisle/dto/CreateConversationResponse.java

@@ -0,0 +1,12 @@
+package com.openisle.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class CreateConversationResponse {
+    private Long conversationId;
+}

backend/src/main/java/com/openisle/dto/DiscordLoginRequest.java

@@ -7,4 +7,5 @@ import lombok.Data;
 public class DiscordLoginRequest {
     private String code;
     private String redirectUri;
+    private String inviteToken;
 }

backend/src/main/java/com/openisle/dto/FeaturedMedalDto.java

@@ -0,0 +1,12 @@
+package com.openisle.dto;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class FeaturedMedalDto extends MedalDto {
+    private long currentFeaturedCount;
+    private long targetFeaturedCount;
+}
+

backend/src/main/java/com/openisle/dto/GithubLoginRequest.java

@@ -7,4 +7,5 @@ import lombok.Data;
 public class GithubLoginRequest {
     private String code;
     private String redirectUri;
+    private String inviteToken;
 }

backend/src/main/java/com/openisle/dto/GoogleLoginRequest.java

@@ -6,4 +6,5 @@ import lombok.Data;
 @Data
 public class GoogleLoginRequest {
     private String idToken;
+    private String inviteToken;
 }

backend/src/main/java/com/openisle/dto/MessageDto.java

@@ -0,0 +1,13 @@
+package com.openisle.dto;
+
+import lombok.Data;
+import java.time.LocalDateTime;
+
+@Data
+public class MessageDto {
+    private Long id;
+    private String content;
+    private UserSummaryDto sender;
+    private Long conversationId;
+    private LocalDateTime createdAt;
+}

backend/src/main/java/com/openisle/dto/PointGoodDto.java

@@ -0,0 +1,12 @@
+package com.openisle.dto;
+
+import lombok.Data;
+
+/** Point mall good info. */
+@Data
+public class PointGoodDto {
+    private Long id;
+    private String name;
+    private int cost;
+    private String image;
+}

backend/src/main/java/com/openisle/dto/PointHistoryDto.java

@@ -0,0 +1,23 @@
+package com.openisle.dto;
+
+import com.openisle.model.PointHistoryType;
+import lombok.Getter;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+
+@Getter
+@Setter
+public class PointHistoryDto {
+    private Long id;
+    private PointHistoryType type;
+    private int amount;
+    private int balance;
+    private Long postId;
+    private String postTitle;
+    private Long commentId;
+    private String commentContent;
+    private Long fromUserId;
+    private String fromUserName;
+    private LocalDateTime createdAt;
+}

backend/src/main/java/com/openisle/dto/PointRedeemRequest.java

@@ -0,0 +1,10 @@
+package com.openisle.dto;
+
+import lombok.Data;
+
+/** Request to redeem a point mall good. */
+@Data
+public class PointRedeemRequest {
+    private Long goodId;
+    private String contact;
+}

backend/src/main/java/com/openisle/dto/PostSummaryDto.java

@@ -31,5 +31,7 @@ public class PostSummaryDto {
     private int pointReward;
     private PostType type;
     private LotteryDto lottery;
+    private boolean rssExcluded;
+    private boolean closed;
 }
 

backend/src/main/java/com/openisle/dto/RegisterRequest.java

@@ -9,4 +9,5 @@ public class RegisterRequest {
     private String email;
     private String password;
     private String captcha;
+    private String inviteToken;
 }

backend/src/main/java/com/openisle/dto/TwitterLoginRequest.java

@@ -8,4 +8,5 @@ public class TwitterLoginRequest {
     private String code;
     private String redirectUri;
     private String codeVerifier;
+    private String inviteToken;
 }

backend/src/main/java/com/openisle/dto/UserSummaryDto.java

@@ -0,0 +1,10 @@
+package com.openisle.dto;
+
+import lombok.Data;
+
+@Data
+public class UserSummaryDto {
+    private Long id;
+    private String username;
+    private String avatar;
+}

backend/src/main/java/com/openisle/mapper/PointGoodMapper.java

@@ -0,0 +1,18 @@
+package com.openisle.mapper;
+
+import com.openisle.dto.PointGoodDto;
+import com.openisle.model.PointGood;
+import org.springframework.stereotype.Component;
+
+/** Mapper for point mall goods. */
+@Component
+public class PointGoodMapper {
+    public PointGoodDto toDto(PointGood good) {
+        PointGoodDto dto = new PointGoodDto();
+        dto.setId(good.getId());
+        dto.setName(good.getName());
+        dto.setCost(good.getCost());
+        dto.setImage(good.getImage());
+        return dto;
+    }
+}

backend/src/main/java/com/openisle/mapper/PointHistoryMapper.java

@@ -0,0 +1,34 @@
+package com.openisle.mapper;
+
+import com.openisle.dto.PointHistoryDto;
+import com.openisle.model.PointHistory;
+import org.springframework.stereotype.Component;
+
+@Component
+public class PointHistoryMapper {
+    public PointHistoryDto toDto(PointHistory history) {
+        PointHistoryDto dto = new PointHistoryDto();
+        dto.setId(history.getId());
+        dto.setType(history.getType());
+        dto.setAmount(history.getAmount());
+        dto.setBalance(history.getBalance());
+        dto.setCreatedAt(history.getCreatedAt());
+        if (history.getPost() != null) {
+            dto.setPostId(history.getPost().getId());
+            dto.setPostTitle(history.getPost().getTitle());
+        }
+        if (history.getComment() != null) {
+            dto.setCommentId(history.getComment().getId());
+            dto.setCommentContent(history.getComment().getContent());
+            if (history.getComment().getPost() != null && dto.getPostId() == null) {
+                dto.setPostId(history.getComment().getPost().getId());
+                dto.setPostTitle(history.getComment().getPost().getTitle());
+            }
+        }
+        if (history.getFromUser() != null) {
+            dto.setFromUserId(history.getFromUser().getId());
+            dto.setFromUserName(history.getFromUser().getUsername());
+        }
+        return dto;
+    }
+}

backend/src/main/java/com/openisle/mapper/PostMapper.java

@@ -63,6 +63,8 @@ public class PostMapper {
         dto.setCommentCount(commentService.countComments(post.getId()));
         dto.setStatus(post.getStatus());
         dto.setPinnedAt(post.getPinnedAt());
+        dto.setRssExcluded(post.getRssExcluded() == null || post.getRssExcluded());
+        dto.setClosed(post.isClosed());
 
         List<ReactionDto> reactions = reactionService.getReactionsForPost(post.getId())
                 .stream()

backend/src/main/java/com/openisle/model/ActivityType.java

@@ -3,5 +3,6 @@ package com.openisle.model;
 /** Activity type enumeration. */
 public enum ActivityType {
     NORMAL,
-    MILK_TEA
+    MILK_TEA,
+    INVITE_POINTS
 }

backend/src/main/java/com/openisle/model/InviteToken.java

@@ -0,0 +1,23 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Data;
+
+import java.time.LocalDate;
+
+/**
+ * Invite token entity tracking usage counts.
+ */
+@Data
+@Entity
+public class InviteToken {
+    @Id
+    private String token;
+
+    @ManyToOne
+    private User inviter;
+
+    private LocalDate createdDate;
+
+    private int usageCount;
+}

backend/src/main/java/com/openisle/model/MedalType.java

@@ -3,6 +3,7 @@ package com.openisle.model;
 public enum MedalType {
     COMMENT,
     POST,
+    FEATURED,
     CONTRIBUTOR,
     SEED,
     PIONEER

backend/src/main/java/com/openisle/model/Message.java

@@ -0,0 +1,35 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.hibernate.annotations.CreationTimestamp;
+
+import java.time.LocalDateTime;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "messages")
+public class Message {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(optional = false, fetch = FetchType.LAZY)
+    @JoinColumn(name = "conversation_id")
+    private MessageConversation conversation;
+
+    @ManyToOne(optional = false, fetch = FetchType.LAZY)
+    @JoinColumn(name = "sender_id")
+    private User sender;
+
+    @Column(nullable = false, columnDefinition = "TEXT")
+    private String content;
+
+    @CreationTimestamp
+    @Column(nullable = false, updatable = false)
+    private LocalDateTime createdAt;
+}

backend/src/main/java/com/openisle/model/MessageConversation.java

@@ -0,0 +1,48 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.hibernate.annotations.CreationTimestamp;
+
+import java.time.LocalDateTime;
+import java.util.HashSet;
+import java.util.Set;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "message_conversations")
+public class MessageConversation {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    // Indicates whether this conversation represents a public channel
+    @Column(nullable = false)
+    private boolean channel = false;
+
+    // Channel metadata
+    private String name;
+
+    @Column(columnDefinition = "TEXT")
+    private String description;
+
+    private String avatar;
+
+    @CreationTimestamp
+    @Column(nullable = false, updatable = false)
+    private LocalDateTime createdAt;
+
+    @OneToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "last_message_id")
+    private Message lastMessage;
+
+    @OneToMany(mappedBy = "conversation", cascade = CascadeType.ALL, orphanRemoval = true)
+    private Set<MessageParticipant> participants = new HashSet<>();
+
+    @OneToMany(mappedBy = "conversation", cascade = CascadeType.ALL, orphanRemoval = true)
+    private Set<Message> messages = new HashSet<>();
+}

backend/src/main/java/com/openisle/model/MessageParticipant.java

@@ -0,0 +1,30 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "message_participants")
+public class MessageParticipant {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(optional = false, fetch = FetchType.LAZY)
+    @JoinColumn(name = "conversation_id")
+    private MessageConversation conversation;
+
+    @ManyToOne(optional = false, fetch = FetchType.LAZY)
+    @JoinColumn(name = "user_id")
+    private User user;
+
+    @Column
+    private LocalDateTime lastReadAt;
+}

backend/src/main/java/com/openisle/model/NotificationType.java

@@ -14,6 +14,8 @@ public enum NotificationType {
     POST_REVIEW_REQUEST,
     /** Your post under review was approved or rejected */
     POST_REVIEWED,
+    /** An administrator deleted your post */
+    POST_DELETED,
     /** A subscribed post received a new comment */
     POST_UPDATED,
     /** Someone subscribed to your post */
@@ -32,10 +34,14 @@ public enum NotificationType {
     REGISTER_REQUEST,
     /** A user redeemed an activity reward */
     ACTIVITY_REDEEM,
+    /** A user redeemed a point good */
+    POINT_REDEEM,
     /** You won a lottery post */
     LOTTERY_WIN,
     /** Your lottery post was drawn */
     LOTTERY_DRAW,
+    /** Your post was featured */
+    POST_FEATURED,
     /** You were mentioned in a post or comment */
     MENTION
 }

backend/src/main/java/com/openisle/model/PointGood.java

@@ -0,0 +1,26 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+/** Item available in the point mall. */
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "point_goods")
+public class PointGood {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @Column(nullable = false)
+    private String name;
+
+    @Column(nullable = false)
+    private int cost;
+
+    private String image;
+}

backend/src/main/java/com/openisle/model/PointHistory.java

@@ -0,0 +1,49 @@
+package com.openisle.model;
+
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+
+/** Point change history for a user. */
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@Table(name = "point_histories")
+public class PointHistory {
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @ManyToOne(fetch = FetchType.LAZY, optional = false)
+    @JoinColumn(name = "user_id")
+    private User user;
+
+    @Enumerated(EnumType.STRING)
+    @Column(nullable = false)
+    private PointHistoryType type;
+
+    @Column(nullable = false)
+    private int amount;
+
+    @Column(nullable = false)
+    private int balance;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "post_id")
+    private Post post;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "comment_id")
+    private Comment comment;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "from_user_id")
+    private User fromUser;
+
+    @Column(name = "created_at", nullable = false)
+    private LocalDateTime createdAt;
+}

backend/src/main/java/com/openisle/model/PointHistoryType.java

@@ -0,0 +1,12 @@
+package com.openisle.model;
+
+public enum PointHistoryType {
+    POST,
+    COMMENT,
+    POST_LIKED,
+    COMMENT_LIKED,
+    INVITE,
+    FEATURE,
+    SYSTEM_ONLINE,
+    REDEEM
+}

backend/src/main/java/com/openisle/model/Post.java

@@ -64,7 +64,12 @@ public class Post {
     @Column(nullable = false)
     private PostType type = PostType.NORMAL;
 
+    @Column(nullable = false)
+    private boolean closed = false;
+
     @Column
     private LocalDateTime pinnedAt;
 
+    @Column(nullable = true)
+    private Boolean rssExcluded = true;
 }

backend/src/main/java/com/openisle/repository/InviteTokenRepository.java

@@ -0,0 +1,12 @@
+package com.openisle.repository;
+
+import com.openisle.model.InviteToken;
+import com.openisle.model.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.time.LocalDate;
+import java.util.Optional;
+
+public interface InviteTokenRepository extends JpaRepository<InviteToken, String> {
+    Optional<InviteToken> findByInviterAndCreatedDate(User inviter, LocalDate createdDate);
+}

backend/src/main/java/com/openisle/repository/MessageConversationRepository.java

@@ -0,0 +1,35 @@
+package com.openisle.repository;
+
+import com.openisle.model.MessageConversation;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import com.openisle.model.User;
+import java.util.List;
+
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+
+import java.util.Optional;
+import com.openisle.model.User;
+import java.util.List;
+
+@Repository
+public interface MessageConversationRepository extends JpaRepository<MessageConversation, Long> {
+    @Query("SELECT c FROM MessageConversation c JOIN c.participants p1 JOIN c.participants p2 WHERE p1.user = :user1 AND p2.user = :user2")
+    Optional<MessageConversation> findConversationByUsers(@Param("user1") User user1, @Param("user2") User user2);
+    
+    @Query("SELECT DISTINCT c FROM MessageConversation c " +
+           "JOIN c.participants p " +
+           "LEFT JOIN FETCH c.lastMessage lm " +
+           "LEFT JOIN FETCH lm.sender " +
+           "LEFT JOIN FETCH c.participants cp " +
+           "LEFT JOIN FETCH cp.user " +
+           "WHERE p.user.id = :userId " +
+           "ORDER BY COALESCE(lm.createdAt, c.createdAt) DESC")
+    List<MessageConversation> findConversationsByUserIdOrderByLastMessageDesc(@Param("userId") Long userId);
+
+    List<MessageConversation> findByChannelTrue();
+
+    long countByChannelTrue();
+}

backend/src/main/java/com/openisle/repository/MessageParticipantRepository.java

@@ -0,0 +1,14 @@
+package com.openisle.repository;
+
+import com.openisle.model.MessageParticipant;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+import java.util.Optional;
+
+@Repository
+public interface MessageParticipantRepository extends JpaRepository<MessageParticipant, Long> {
+    Optional<MessageParticipant> findByConversationIdAndUserId(Long conversationId, Long userId);
+    List<MessageParticipant> findByUserId(Long userId);
+}

backend/src/main/java/com/openisle/repository/MessageRepository.java

@@ -0,0 +1,21 @@
+package com.openisle.repository;
+
+import com.openisle.model.Message;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+@Repository
+public interface MessageRepository extends JpaRepository<Message, Long> {
+    List<Message> findByConversationIdOrderByCreatedAtAsc(Long conversationId);
+
+    Page<Message> findByConversationId(Long conversationId, Pageable pageable);
+
+    long countByConversationIdAndCreatedAtAfter(Long conversationId, java.time.LocalDateTime createdAt);
+    
+    // 只计算不是指定用户发送的消息（即别人发给当前用户的消息）
+    long countByConversationIdAndCreatedAtAfterAndSenderIdNot(Long conversationId, java.time.LocalDateTime createdAt, Long senderId);
+}

backend/src/main/java/com/openisle/repository/NotificationRepository.java

@@ -6,6 +6,8 @@ import com.openisle.model.Post;
 import com.openisle.model.Comment;
 import com.openisle.model.NotificationType;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;
 
 import java.util.List;
 
@@ -13,7 +15,12 @@ import java.util.List;
 public interface NotificationRepository extends JpaRepository<Notification, Long> {
     List<Notification> findByUserOrderByCreatedAtDesc(User user);
     List<Notification> findByUserAndReadOrderByCreatedAtDesc(User user, boolean read);
+    Page<Notification> findByUserOrderByCreatedAtDesc(User user, Pageable pageable);
+    Page<Notification> findByUserAndReadOrderByCreatedAtDesc(User user, boolean read, Pageable pageable);
+    Page<Notification> findByUserAndTypeNotInOrderByCreatedAtDesc(User user, java.util.Collection<NotificationType> types, Pageable pageable);
+    Page<Notification> findByUserAndReadAndTypeNotInOrderByCreatedAtDesc(User user, boolean read, java.util.Collection<NotificationType> types, Pageable pageable);
     long countByUserAndRead(User user, boolean read);
+    long countByUserAndReadAndTypeNotIn(User user, boolean read, java.util.Collection<NotificationType> types);
     List<Notification> findByPost(Post post);
     List<Notification> findByComment(Comment comment);
 

backend/src/main/java/com/openisle/repository/PointGoodRepository.java

@@ -0,0 +1,8 @@
+package com.openisle.repository;
+
+import com.openisle.model.PointGood;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+/** Repository for point mall goods. */
+public interface PointGoodRepository extends JpaRepository<PointGood, Long> {
+}

backend/src/main/java/com/openisle/repository/PointHistoryRepository.java

@@ -0,0 +1,12 @@
+package com.openisle.repository;
+
+import com.openisle.model.PointHistory;
+import com.openisle.model.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.List;
+
+public interface PointHistoryRepository extends JpaRepository<PointHistory, Long> {
+    List<PointHistory> findByUserOrderByIdDesc(User user);
+    long countByUser(User user);
+}

backend/src/main/java/com/openisle/repository/PostRepository.java

@@ -97,6 +97,8 @@ public interface PostRepository extends JpaRepository<Post, Long> {
 
     long countDistinctByTags_Id(Long tagId);
 
+    long countByAuthor_IdAndRssExcludedFalse(Long userId);
+
     @Query("SELECT t.id, COUNT(DISTINCT p) FROM Post p JOIN p.tags t WHERE t.id IN :tagIds GROUP BY t.id")
     List<Object[]> countPostsByTagIds(@Param("tagIds") List<Long> tagIds);
 
@@ -106,4 +108,6 @@ public interface PostRepository extends JpaRepository<Post, Long> {
            "WHERE p.createdAt >= :start AND p.createdAt < :end GROUP BY d ORDER BY d")
     java.util.List<Object[]> countDailyRange(@Param("start") LocalDateTime start,
                                              @Param("end") LocalDateTime end);
+
+    List<Post> findByStatusAndRssExcludedFalseOrderByCreatedAtDesc(PostStatus status, Pageable pageable);
 }

backend/src/main/java/com/openisle/service/AuthResult.java

@@ -0,0 +1,12 @@
+package com.openisle.service;
+
+import com.openisle.model.User;
+import lombok.Value;
+
+/** Result for OAuth authentication indicating whether a new user was created. */
+@Value
+public class AuthResult {
+    User user;
+    boolean newUser;
+}
+

backend/src/main/java/com/openisle/service/ChannelService.java

@@ -0,0 +1,76 @@
+package com.openisle.service;
+
+import com.openisle.dto.ChannelDto;
+import com.openisle.model.MessageConversation;
+import com.openisle.model.MessageParticipant;
+import com.openisle.model.User;
+import com.openisle.repository.MessageConversationRepository;
+import com.openisle.repository.MessageParticipantRepository;
+import com.openisle.repository.MessageRepository;
+import com.openisle.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Service
+@RequiredArgsConstructor
+public class ChannelService {
+    private final MessageConversationRepository conversationRepository;
+    private final MessageParticipantRepository participantRepository;
+    private final MessageRepository messageRepository;
+    private final UserRepository userRepository;
+
+    @Transactional(readOnly = true)
+    public List<ChannelDto> listChannels(Long userId) {
+        List<MessageConversation> channels = conversationRepository.findByChannelTrue();
+        return channels.stream().map(c -> toDto(c, userId)).collect(Collectors.toList());
+    }
+
+    @Transactional
+    public ChannelDto joinChannel(Long channelId, Long userId) {
+        MessageConversation channel = conversationRepository.findById(channelId)
+                .orElseThrow(() -> new IllegalArgumentException("Channel not found"));
+        User user = userRepository.findById(userId)
+                .orElseThrow(() -> new IllegalArgumentException("User not found"));
+        participantRepository.findByConversationIdAndUserId(channelId, userId)
+                .orElseGet(() -> {
+                    MessageParticipant p = new MessageParticipant();
+                    p.setConversation(channel);
+                    p.setUser(user);
+                    MessageParticipant saved = participantRepository.save(p);
+                    channel.getParticipants().add(saved);
+                    return saved;
+                });
+        return toDto(channel, userId);
+    }
+
+    private ChannelDto toDto(MessageConversation channel, Long userId) {
+        ChannelDto dto = new ChannelDto();
+        dto.setId(channel.getId());
+        dto.setName(channel.getName());
+        dto.setDescription(channel.getDescription());
+        dto.setAvatar(channel.getAvatar());
+        dto.setMemberCount(channel.getParticipants().size());
+        boolean joined = channel.getParticipants().stream()
+                .anyMatch(p -> p.getUser().getId().equals(userId));
+        dto.setJoined(joined);
+        if (joined) {
+            MessageParticipant participant = channel.getParticipants().stream()
+                    .filter(p -> p.getUser().getId().equals(userId))
+                    .findFirst().orElse(null);
+            LocalDateTime lastRead = participant.getLastReadAt() == null
+                    ? LocalDateTime.of(1970, 1, 1, 0, 0)
+                    : participant.getLastReadAt();
+            long unread = messageRepository
+                    .countByConversationIdAndCreatedAtAfterAndSenderIdNot(channel.getId(), lastRead, userId);
+            dto.setUnreadCount(unread);
+        } else {
+            dto.setUnreadCount(0);
+        }
+        return dto;
+    }
+}

backend/src/main/java/com/openisle/service/CommentService.java

@@ -52,6 +52,9 @@ public class CommentService {
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
         Post post = postRepository.findById(postId)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        if (post.isClosed()) {
+            throw new IllegalStateException("Post closed");
+        }
         Comment comment = new Comment();
         comment.setAuthor(author);
         comment.setPost(post);
@@ -94,6 +97,9 @@ public class CommentService {
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
         Comment parent = commentRepository.findById(parentId)
                 .orElseThrow(() -> new IllegalArgumentException("Comment not found"));
+        if (parent.getPost().isClosed()) {
+            throw new IllegalStateException("Post closed");
+        }
         Comment comment = new Comment();
         comment.setAuthor(author);
         comment.setPost(parent.getPost());

backend/src/main/java/com/openisle/service/DiscordAuthService.java

@@ -26,7 +26,7 @@ public class DiscordAuthService {
     @Value("${discord.client-secret:}")
     private String clientSecret;
 
-    public Optional<User> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri) {
+    public Optional<AuthResult> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri, boolean viaInvite) {
         try {
             String tokenUrl = "https://discord.com/api/oauth2/token";
             HttpHeaders headers = new HttpHeaders();
@@ -67,13 +67,13 @@ public class DiscordAuthService {
             if (email == null) {
                 email = (username != null ? username : id) + "@users.noreply.discord.com";
             }
-            return Optional.of(processUser(email, username, avatar, mode));
+            return Optional.of(processUser(email, username, avatar, mode, viaInvite));
         } catch (Exception e) {
             return Optional.empty();
         }
     }
 
-    private User processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode) {
+    private AuthResult processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode, boolean viaInvite) {
         Optional<User> existing = userRepository.findByEmail(email);
         if (existing.isPresent()) {
             User user = existing.get();
@@ -82,7 +82,7 @@ public class DiscordAuthService {
                 user.setVerificationCode(null);
                 userRepository.save(user);
             }
-            return user;
+            return new AuthResult(user, false);
         }
         String baseUsername = username != null ? username : email.split("@")[0];
         String finalUsername = baseUsername;
@@ -96,12 +96,12 @@ public class DiscordAuthService {
         user.setPassword("");
         user.setRole(Role.USER);
         user.setVerified(true);
-        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
+        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT || viaInvite);
         if (avatar != null) {
             user.setAvatar(avatar);
         } else {
             user.setAvatar("https://cdn.discordapp.com/embed/avatars/0.png");
         }
-        return userRepository.save(user);
+        return new AuthResult(userRepository.save(user), true);
     }
 }

backend/src/main/java/com/openisle/service/GithubAuthService.java

@@ -30,7 +30,7 @@ public class GithubAuthService {
     @Value("${github.client-secret:}")
     private String clientSecret;
 
-    public Optional<User> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri) {
+    public Optional<AuthResult> authenticate(String code, com.openisle.model.RegisterMode mode, String redirectUri, boolean viaInvite) {
         try {
             String tokenUrl = "https://github.com/login/oauth/access_token";
             HttpHeaders headers = new HttpHeaders();
@@ -86,13 +86,13 @@ public class GithubAuthService {
             if (email == null) {
                 email = username + "@users.noreply.github.com";
             }
-            return Optional.of(processUser(email, username, avatarUrl, mode));
+            return Optional.of(processUser(email, username, avatarUrl, mode, viaInvite));
         } catch (Exception e) {
             return Optional.empty();
         }
     }
 
-    private User processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode) {
+    private AuthResult processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode, boolean viaInvite) {
         Optional<User> existing = userRepository.findByEmail(email);
         if (existing.isPresent()) {
             User user = existing.get();
@@ -101,7 +101,7 @@ public class GithubAuthService {
                 user.setVerificationCode(null);
                 userRepository.save(user);
             }
-            return user;
+            return new AuthResult(user, false);
         }
         String baseUsername = username != null ? username : email.split("@")[0];
         String finalUsername = baseUsername;
@@ -115,12 +115,12 @@ public class GithubAuthService {
         user.setPassword("");
         user.setRole(Role.USER);
         user.setVerified(true);
-        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
+        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT || viaInvite);
         if (avatar != null) {
             user.setAvatar(avatar);
         } else {
             user.setAvatar(avatarGenerator.generate(finalUsername));
         }
-        return userRepository.save(user);
+        return new AuthResult(userRepository.save(user), true);
     }
 }

backend/src/main/java/com/openisle/service/GoogleAuthService.java

@@ -25,7 +25,7 @@ public class GoogleAuthService {
     @Value("${google.client-id:}")
     private String clientId;
 
-    public Optional<User> authenticate(String idTokenString, com.openisle.model.RegisterMode mode) {
+    public Optional<AuthResult> authenticate(String idTokenString, com.openisle.model.RegisterMode mode, boolean viaInvite) {
         GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new JacksonFactory())
                 .setAudience(Collections.singletonList(clientId))
                 .build();
@@ -38,13 +38,13 @@ public class GoogleAuthService {
             String email = payload.getEmail();
             String name = (String) payload.get("name");
             String picture = (String) payload.get("picture");
-            return Optional.of(processUser(email, name, picture, mode));
+            return Optional.of(processUser(email, name, picture, mode, viaInvite));
         } catch (Exception e) {
             return Optional.empty();
         }
     }
 
-    private User processUser(String email, String name, String avatar, com.openisle.model.RegisterMode mode) {
+    private AuthResult processUser(String email, String name, String avatar, com.openisle.model.RegisterMode mode, boolean viaInvite) {
         Optional<User> existing = userRepository.findByEmail(email);
         if (existing.isPresent()) {
             User user = existing.get();
@@ -53,8 +53,7 @@ public class GoogleAuthService {
                 user.setVerificationCode(null);
                 userRepository.save(user);
             }
-
-            return user;
+            return new AuthResult(user, false);
         }
         User user = new User();
         String baseUsername = email.split("@")[0];
@@ -68,12 +67,12 @@ public class GoogleAuthService {
         user.setPassword("");
         user.setRole(Role.USER);
         user.setVerified(true);
-        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
+        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT || viaInvite);
         if (avatar != null) {
             user.setAvatar(avatar);
         } else {
             user.setAvatar(avatarGenerator.generate(username));
         }
-        return userRepository.save(user);
+        return new AuthResult(userRepository.save(user), true);
     }
 }

backend/src/main/java/com/openisle/service/InviteService.java

@@ -0,0 +1,64 @@
+package com.openisle.service;
+
+import com.openisle.model.InviteToken;
+import com.openisle.model.User;
+import com.openisle.repository.InviteTokenRepository;
+import com.openisle.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import lombok.Value;
+import org.springframework.stereotype.Service;
+
+import java.time.LocalDate;
+import java.util.Optional;
+
+@Service
+@RequiredArgsConstructor
+public class InviteService {
+    private final InviteTokenRepository inviteTokenRepository;
+    private final UserRepository userRepository;
+    private final JwtService jwtService;
+    private final PointService pointService;
+
+    @Value
+    public class InviteValidateResult {
+        InviteToken inviteToken;
+        boolean validate;
+    }
+
+    public String generate(String username) {
+        User inviter = userRepository.findByUsername(username).orElseThrow();
+        LocalDate today = LocalDate.now();
+        Optional<InviteToken> existing = inviteTokenRepository.findByInviterAndCreatedDate(inviter, today);
+        if (existing.isPresent()) {
+            return existing.get().getToken();
+        }
+        String token = jwtService.generateInviteToken(username);
+        InviteToken inviteToken = new InviteToken();
+        inviteToken.setToken(token);
+        inviteToken.setInviter(inviter);
+        inviteToken.setCreatedDate(today);
+        inviteToken.setUsageCount(0);
+        inviteTokenRepository.save(inviteToken);
+        return token;
+    }
+
+    public InviteValidateResult validate(String token) {
+        if (token == null || token.isEmpty()) {
+            return new InviteValidateResult(null, false);
+        }
+        try {
+            jwtService.validateAndGetSubjectForInvite(token);
+        } catch (Exception e) {
+            return new InviteValidateResult(null, false);
+        }
+        InviteToken invite = inviteTokenRepository.findById(token).orElse(null);
+        return new InviteValidateResult(invite, invite != null && invite.getUsageCount() < 3);
+    }
+
+    public void consume(String token, String newUserName) {
+        InviteToken invite = inviteTokenRepository.findById(token).orElseThrow();
+        invite.setUsageCount(invite.getUsageCount() + 1);
+        inviteTokenRepository.save(invite);
+        pointService.awardForInvite(invite.getInviter().getUsername(), newUserName);
+    }
+}

backend/src/main/java/com/openisle/service/JwtService.java

@@ -24,6 +24,9 @@ public class JwtService {
     @Value("${app.jwt.reset-secret}")
     private String resetSecret;
 
+    @Value("${app.jwt.invite-secret}")
+    private String inviteSecret;
+
     @Value("${app.jwt.expiration}")
     private long expiration;
 
@@ -70,6 +73,17 @@ public class JwtService {
                 .compact();
     }
 
+    public String generateInviteToken(String subject) {
+        Date now = new Date();
+        Date expiryDate = new Date(now.getTime() + expiration);
+        return Jwts.builder()
+                .setSubject(subject)
+                .setIssuedAt(now)
+                .setExpiration(expiryDate)
+                .signWith(getSigningKeyForSecret(inviteSecret))
+                .compact();
+    }
+
     public String validateAndGetSubject(String token) {
         Claims claims = Jwts.parserBuilder()
                 .setSigningKey(getSigningKeyForSecret(secret))
@@ -96,4 +110,13 @@ public class JwtService {
                 .getBody();
         return claims.getSubject();
     }
+
+    public String validateAndGetSubjectForInvite(String token) {
+        Claims claims = Jwts.parserBuilder()
+                .setSigningKey(getSigningKeyForSecret(inviteSecret))
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+        return claims.getSubject();
+    }
 }

backend/src/main/java/com/openisle/service/MedalService.java

@@ -6,6 +6,7 @@ import com.openisle.dto.MedalDto;
 import com.openisle.dto.PostMedalDto;
 import com.openisle.dto.SeedUserMedalDto;
 import com.openisle.dto.PioneerMedalDto;
+import com.openisle.dto.FeaturedMedalDto;
 import com.openisle.model.MedalType;
 import com.openisle.model.User;
 import com.openisle.repository.CommentRepository;
@@ -74,6 +75,23 @@ public class MedalService {
         postMedal.setSelected(selected == MedalType.POST);
         medals.add(postMedal);
 
+        FeaturedMedalDto featuredMedal = new FeaturedMedalDto();
+        featuredMedal.setIcon("https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/icons/achi_rss.png");
+        featuredMedal.setTitle("精选作者");
+        featuredMedal.setDescription("至少有1篇文章被收录为精选");
+        featuredMedal.setType(MedalType.FEATURED);
+        featuredMedal.setTargetFeaturedCount(1);
+        if (user != null) {
+            long count = postRepository.countByAuthor_IdAndRssExcludedFalse(user.getId());
+            featuredMedal.setCurrentFeaturedCount(count);
+            featuredMedal.setCompleted(count >= 1);
+        } else {
+            featuredMedal.setCurrentFeaturedCount(0);
+            featuredMedal.setCompleted(false);
+        }
+        featuredMedal.setSelected(selected == MedalType.FEATURED);
+        medals.add(featuredMedal);
+
         ContributorMedalDto contributorMedal = new ContributorMedalDto();
         contributorMedal.setIcon("https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/icons/achi_coder.png");
         contributorMedal.setTitle("贡献者");
@@ -141,6 +159,8 @@ public class MedalService {
             user.setDisplayMedal(MedalType.COMMENT);
         } else if (postRepository.countByAuthor_Id(user.getId()) >= POST_TARGET) {
             user.setDisplayMedal(MedalType.POST);
+        } else if (postRepository.countByAuthor_IdAndRssExcludedFalse(user.getId()) >= 1) {
+            user.setDisplayMedal(MedalType.FEATURED);
         } else if (contributorService.getContributionLines(user.getUsername()) >= CONTRIBUTION_TARGET) {
             user.setDisplayMedal(MedalType.CONTRIBUTOR);
         } else if (userRepository.countByCreatedAtBefore(user.getCreatedAt()) < PIONEER_LIMIT) {

backend/src/main/java/com/openisle/service/MessageService.java

@@ -0,0 +1,269 @@
+package com.openisle.service;
+
+import com.openisle.model.Message;
+import com.openisle.model.MessageConversation;
+import com.openisle.model.MessageParticipant;
+import com.openisle.model.User;
+import com.openisle.repository.MessageConversationRepository;
+import com.openisle.repository.MessageParticipantRepository;
+import com.openisle.repository.MessageRepository;
+import com.openisle.repository.UserRepository;
+import com.openisle.dto.ConversationDetailDto;
+import com.openisle.dto.ConversationDto;
+import com.openisle.dto.MessageDto;
+import com.openisle.dto.UserSummaryDto;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;
+import org.springframework.messaging.simp.SimpMessagingTemplate;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Service
+@RequiredArgsConstructor
+@Slf4j
+public class MessageService {
+
+    private final MessageRepository messageRepository;
+    private final MessageConversationRepository conversationRepository;
+    private final MessageParticipantRepository participantRepository;
+    private final UserRepository userRepository;
+    private final SimpMessagingTemplate messagingTemplate;
+
+    @Transactional
+    public Message sendMessage(Long senderId, Long recipientId, String content) {
+        log.info("Attempting to send message from user {} to user {}", senderId, recipientId);
+        User sender = userRepository.findById(senderId)
+                .orElseThrow(() -> new IllegalArgumentException("Sender not found"));
+        User recipient = userRepository.findById(recipientId)
+                .orElseThrow(() -> new IllegalArgumentException("Recipient not found"));
+
+        log.info("Finding or creating conversation for users {} and {}", sender.getUsername(), recipient.getUsername());
+        MessageConversation conversation = findOrCreateConversation(sender, recipient);
+        log.info("Conversation found or created with ID: {}", conversation.getId());
+
+        Message message = new Message();
+        message.setConversation(conversation);
+        message.setSender(sender);
+        message.setContent(content);
+        message = messageRepository.save(message);
+        log.info("Message saved with ID: {}", message.getId());
+
+        conversation.setLastMessage(message);
+        conversationRepository.save(conversation);
+        log.info("Conversation {} updated with last message ID {}", conversation.getId(), message.getId());
+
+        // Broadcast the new message to subscribed clients
+        MessageDto messageDto = toDto(message);
+        String conversationDestination = "/topic/conversation/" + conversation.getId();
+        messagingTemplate.convertAndSend(conversationDestination, messageDto);
+        log.info("Message {} broadcasted to destination: {}", message.getId(), conversationDestination);
+
+        // Also notify the recipient on their personal channel to update the conversation list
+        String userDestination = "/topic/user/" + recipient.getId() + "/messages";
+        messagingTemplate.convertAndSend(userDestination, messageDto);
+        log.info("Message {} notification sent to destination: {}", message.getId(), userDestination);
+
+        // Notify recipient of new unread count
+        long unreadCount = getUnreadMessageCount(recipientId);
+        log.info("Calculating unread count for user {}: {}", recipientId, unreadCount);
+        
+        // Send using username instead of user ID for WebSocket routing
+        String recipientUsername = recipient.getUsername();
+        messagingTemplate.convertAndSendToUser(recipientUsername, "/queue/unread-count", unreadCount);
+        log.info("Sent unread count {} to user {} (username: {}) via WebSocket destination: /user/{}/queue/unread-count",
+                unreadCount, recipientId, recipientUsername, recipientUsername);
+
+        return message;
+    }
+
+    @Transactional
+    public Message sendMessageToConversation(Long senderId, Long conversationId, String content) {
+        User sender = userRepository.findById(senderId)
+                .orElseThrow(() -> new IllegalArgumentException("Sender not found"));
+        MessageConversation conversation = conversationRepository.findById(conversationId)
+                .orElseThrow(() -> new IllegalArgumentException("Conversation not found"));
+
+        // Join the conversation if not already a participant (useful for channels)
+        participantRepository.findByConversationIdAndUserId(conversationId, senderId)
+                .orElseGet(() -> {
+                    MessageParticipant p = new MessageParticipant();
+                    p.setConversation(conversation);
+                    p.setUser(sender);
+                    return participantRepository.save(p);
+                });
+
+        Message message = new Message();
+        message.setConversation(conversation);
+        message.setSender(sender);
+        message.setContent(content);
+        message = messageRepository.save(message);
+
+        conversation.setLastMessage(message);
+        conversationRepository.save(conversation);
+
+        MessageDto messageDto = toDto(message);
+        String conversationDestination = "/topic/conversation/" + conversation.getId();
+        messagingTemplate.convertAndSend(conversationDestination, messageDto);
+
+        // Notify all participants except sender for updates
+        for (MessageParticipant participant : conversation.getParticipants()) {
+            if (participant.getUser().getId().equals(senderId)) continue;
+            String userDestination = "/topic/user/" + participant.getUser().getId() + "/messages";
+            messagingTemplate.convertAndSend(userDestination, messageDto);
+
+            long unreadCount = getUnreadMessageCount(participant.getUser().getId());
+            String username = participant.getUser().getUsername();
+            messagingTemplate.convertAndSendToUser(username, "/queue/unread-count", unreadCount);
+        }
+
+        return message;
+    }
+
+    private MessageDto toDto(Message message) {
+        MessageDto dto = new MessageDto();
+        dto.setId(message.getId());
+        dto.setContent(message.getContent());
+        dto.setConversationId(message.getConversation().getId());
+        dto.setCreatedAt(message.getCreatedAt());
+
+        UserSummaryDto userSummaryDto = new UserSummaryDto();
+        userSummaryDto.setId(message.getSender().getId());
+        userSummaryDto.setUsername(message.getSender().getUsername());
+        userSummaryDto.setAvatar(message.getSender().getAvatar());
+        dto.setSender(userSummaryDto);
+
+        return dto;
+    }
+
+    public MessageConversation findOrCreateConversation(Long user1Id, Long user2Id) {
+        User user1 = userRepository.findById(user1Id)
+                .orElseThrow(() -> new IllegalArgumentException("User1 not found"));
+        User user2 = userRepository.findById(user2Id)
+                .orElseThrow(() -> new IllegalArgumentException("User2 not found"));
+        return findOrCreateConversation(user1, user2);
+    }
+
+    private MessageConversation findOrCreateConversation(User user1, User user2) {
+        log.info("Searching for existing conversation between {} and {}", user1.getUsername(), user2.getUsername());
+        return conversationRepository.findConversationByUsers(user1, user2)
+                .orElseGet(() -> {
+                    log.info("No existing conversation found. Creating a new one.");
+                    MessageConversation conversation = new MessageConversation();
+                    conversation = conversationRepository.save(conversation);
+                    log.info("New conversation created with ID: {}", conversation.getId());
+
+                    MessageParticipant participant1 = new MessageParticipant();
+                    participant1.setConversation(conversation);
+                    participant1.setUser(user1);
+                    participantRepository.save(participant1);
+                    log.info("Participant {} added to conversation {}", user1.getUsername(), conversation.getId());
+
+                    MessageParticipant participant2 = new MessageParticipant();
+                    participant2.setConversation(conversation);
+                    participant2.setUser(user2);
+                    participantRepository.save(participant2);
+                    log.info("Participant {} added to conversation {}", user2.getUsername(), conversation.getId());
+
+                    return conversation;
+                });
+    }
+
+    @Transactional(readOnly = true)
+    public List<ConversationDto> getConversations(Long userId) {
+        List<MessageConversation> conversations = conversationRepository.findConversationsByUserIdOrderByLastMessageDesc(userId);
+        return conversations.stream()
+                .filter(c -> !c.isChannel())
+                .map(c -> toDto(c, userId))
+                .collect(Collectors.toList());
+    }
+
+    private ConversationDto toDto(MessageConversation conversation, Long userId) {
+        ConversationDto dto = new ConversationDto();
+        dto.setId(conversation.getId());
+        dto.setChannel(conversation.isChannel());
+        dto.setName(conversation.getName());
+        dto.setAvatar(conversation.getAvatar());
+        dto.setCreatedAt(conversation.getCreatedAt());
+        if (conversation.getLastMessage() != null) {
+            dto.setLastMessage(toDto(conversation.getLastMessage()));
+        }
+        dto.setParticipants(conversation.getParticipants().stream()
+                .map(p -> {
+                    UserSummaryDto userDto = new UserSummaryDto();
+                    userDto.setId(p.getUser().getId());
+                    userDto.setUsername(p.getUser().getUsername());
+                    userDto.setAvatar(p.getUser().getAvatar());
+                    return userDto;
+                })
+                .collect(Collectors.toList()));
+
+        MessageParticipant self = conversation.getParticipants().stream()
+                .filter(p -> p.getUser().getId().equals(userId))
+                .findFirst()
+                .orElseThrow(() -> new IllegalStateException("Participant not found in conversation"));
+
+        LocalDateTime lastRead = self.getLastReadAt() == null ? LocalDateTime.of(1970, 1, 1, 0, 0) : self.getLastReadAt();
+        // 只计算别人发送给当前用户的未读消息
+        long unreadCount = messageRepository.countByConversationIdAndCreatedAtAfterAndSenderIdNot(conversation.getId(), lastRead, userId);
+        dto.setUnreadCount(unreadCount);
+
+        return dto;
+    }
+
+    @Transactional
+    public ConversationDetailDto getConversationDetails(Long conversationId, Long userId, Pageable pageable) {
+        markConversationAsRead(conversationId, userId);
+
+        MessageConversation conversation = conversationRepository.findById(conversationId)
+                .orElseThrow(() -> new IllegalArgumentException("Conversation not found"));
+
+        Page<Message> messagesPage = messageRepository.findByConversationId(conversationId, pageable);
+        Page<MessageDto> messageDtoPage = messagesPage.map(this::toDto);
+
+        List<UserSummaryDto> participants = conversation.getParticipants().stream()
+                .map(p -> {
+                    UserSummaryDto userDto = new UserSummaryDto();
+                    userDto.setId(p.getUser().getId());
+                    userDto.setUsername(p.getUser().getUsername());
+                    userDto.setAvatar(p.getUser().getAvatar());
+                    return userDto;
+                })
+                .collect(Collectors.toList());
+
+        ConversationDetailDto detailDto = new ConversationDetailDto();
+        detailDto.setId(conversation.getId());
+        detailDto.setName(conversation.getName());
+        detailDto.setChannel(conversation.isChannel());
+        detailDto.setAvatar(conversation.getAvatar());
+        detailDto.setParticipants(participants);
+        detailDto.setMessages(messageDtoPage);
+
+        return detailDto;
+    }
+
+    @Transactional
+    public void markConversationAsRead(Long conversationId, Long userId) {
+        MessageParticipant participant = participantRepository.findByConversationIdAndUserId(conversationId, userId)
+                .orElseThrow(() -> new IllegalArgumentException("Participant not found"));
+        participant.setLastReadAt(LocalDateTime.now());
+        participantRepository.save(participant);
+    }
+
+    @Transactional(readOnly = true)
+    public long getUnreadMessageCount(Long userId) {
+        List<MessageParticipant> participations = participantRepository.findByUserId(userId);
+        long totalUnreadCount = 0;
+        for (MessageParticipant p : participations) {
+            LocalDateTime lastRead = p.getLastReadAt() == null ? LocalDateTime.of(1970, 1, 1, 0, 0) : p.getLastReadAt();
+            // 只计算别人发送给当前用户的未读消息
+            totalUnreadCount += messageRepository.countByConversationIdAndCreatedAtAfterAndSenderIdNot(p.getConversation().getId(), lastRead, userId);
+        }
+        return totalUnreadCount;
+    }
+}

backend/src/main/java/com/openisle/service/NotificationService.java

@@ -23,7 +23,6 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.ArrayList;
 import java.util.concurrent.Executor;
-import java.util.stream.Collectors;
 
 /** Service for creating and retrieving notifications. */
 @Service
@@ -141,6 +140,19 @@ public class NotificationService {
         }
     }
 
+    /**
+     * Create notifications for all admins when a user redeems a point good.
+     * Old redeem notifications from the same user are removed first.
+     */
+    @org.springframework.transaction.annotation.Transactional
+    public void createPointRedeemNotifications(User user, String content) {
+//        notificationRepository.deleteByTypeAndFromUser(NotificationType.POINT_REDEEM, user);
+        for (User admin : userRepository.findByRole(Role.ADMIN)) {
+            createNotification(admin, NotificationType.POINT_REDEEM, null, null,
+                    null, user, null, content);
+        }
+    }
+
     public List<NotificationPreferenceDto> listPreferences(String username) {
         User user = userRepository.findByUsername(username)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
@@ -167,17 +179,26 @@ public class NotificationService {
         userRepository.save(user);
     }
 
-    public List<Notification> listNotifications(String username, Boolean read) {
+    public List<Notification> listNotifications(String username, Boolean read, int page, int size) {
         User user = userRepository.findByUsername(username)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
         Set<NotificationType> disabled = user.getDisabledNotificationTypes();
-        List<Notification> list;
+        org.springframework.data.domain.Pageable pageable = org.springframework.data.domain.PageRequest.of(page, size);
+        org.springframework.data.domain.Page<Notification> result;
         if (read == null) {
-            list = notificationRepository.findByUserOrderByCreatedAtDesc(user);
+            if (disabled.isEmpty()) {
+                result = notificationRepository.findByUserOrderByCreatedAtDesc(user, pageable);
+            } else {
+                result = notificationRepository.findByUserAndTypeNotInOrderByCreatedAtDesc(user, disabled, pageable);
+            }
         } else {
-            list = notificationRepository.findByUserAndReadOrderByCreatedAtDesc(user, read);
+            if (disabled.isEmpty()) {
+                result = notificationRepository.findByUserAndReadOrderByCreatedAtDesc(user, read, pageable);
+            } else {
+                result = notificationRepository.findByUserAndReadAndTypeNotInOrderByCreatedAtDesc(user, read, disabled, pageable);
+            }
         }
-        return list.stream().filter(n -> !disabled.contains(n.getType())).collect(Collectors.toList());
+        return result.getContent();
     }
 
     public void markRead(String username, List<Long> ids) {
@@ -196,8 +217,10 @@ public class NotificationService {
         User user = userRepository.findByUsername(username)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
         Set<NotificationType> disabled = user.getDisabledNotificationTypes();
-        return notificationRepository.findByUserAndReadOrderByCreatedAtDesc(user, false).stream()
-                .filter(n -> !disabled.contains(n.getType())).count();
+        if (disabled.isEmpty()) {
+            return notificationRepository.countByUserAndRead(user, false);
+        }
+        return notificationRepository.countByUserAndReadAndTypeNotIn(user, false, disabled);
     }
 
     public void notifyMentions(String content, User fromUser, Post post, Comment comment) {

backend/src/main/java/com/openisle/service/PointMallService.java

@@ -0,0 +1,48 @@
+package com.openisle.service;
+
+import com.openisle.exception.FieldException;
+import com.openisle.exception.NotFoundException;
+import com.openisle.model.PointGood;
+import com.openisle.model.PointHistory;
+import com.openisle.model.PointHistoryType;
+import com.openisle.model.User;
+import com.openisle.repository.PointGoodRepository;
+import com.openisle.repository.PointHistoryRepository;
+import com.openisle.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+
+/** Service for point mall operations. */
+@Service
+@RequiredArgsConstructor
+public class PointMallService {
+    private final PointGoodRepository pointGoodRepository;
+    private final UserRepository userRepository;
+    private final NotificationService notificationService;
+    private final PointHistoryRepository pointHistoryRepository;
+
+    public List<PointGood> listGoods() {
+        return pointGoodRepository.findAll();
+    }
+
+    public int redeem(User user, Long goodId, String contact) {
+        PointGood good = pointGoodRepository.findById(goodId)
+                .orElseThrow(() -> new NotFoundException("Good not found"));
+        if (user.getPoint() < good.getCost()) {
+            throw new FieldException("point", "Insufficient points");
+        }
+        user.setPoint(user.getPoint() - good.getCost());
+        userRepository.save(user);
+        notificationService.createPointRedeemNotifications(user, good.getName() + ": " + contact);
+        PointHistory history = new PointHistory();
+        history.setUser(user);
+        history.setType(PointHistoryType.REDEEM);
+        history.setAmount(-good.getCost());
+        history.setBalance(user.getPoint());
+        history.setCreatedAt(java.time.LocalDateTime.now());
+        pointHistoryRepository.save(history);
+        return user.getPoint();
+    }
+}

backend/src/main/java/com/openisle/service/PointService.java

@@ -1,7 +1,6 @@
 package com.openisle.service;
 
-import com.openisle.model.PointLog;
-import com.openisle.model.User;
+import com.openisle.model.*;
 import com.openisle.repository.*;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
@@ -16,14 +15,28 @@ public class PointService {
     private final PointLogRepository pointLogRepository;
     private final PostRepository postRepository;
     private final CommentRepository commentRepository;
+    private final PointHistoryRepository pointHistoryRepository;
 
-    public int awardForPost(String userName) {
+    public int awardForPost(String userName, Long postId) {
         User user = userRepository.findByUsername(userName).orElseThrow();
         PointLog log = getTodayLog(user);
         if (log.getPostCount() > 1) return 0;
         log.setPostCount(log.getPostCount() + 1);
         pointLogRepository.save(log);
-        return addPoint(user, 30);
+        Post post = postRepository.findById(postId).orElseThrow();
+        return addPoint(user, 30, PointHistoryType.POST, post, null, null);
+    }
+
+    public int awardForInvite(String userName, String inviteeName) {
+        User user = userRepository.findByUsername(userName).orElseThrow();
+        User invitee = userRepository.findByUsername(inviteeName).orElseThrow();
+        return addPoint(user, 500, PointHistoryType.INVITE, null, null, invitee);
+    }
+
+    public int awardForFeatured(String userName, Long postId) {
+        User user = userRepository.findByUsername(userName).orElseThrow();
+        Post post = postRepository.findById(postId).orElseThrow();
+        return addPoint(user, 500, PointHistoryType.FEATURE, post, null, null);
     }
 
     private PointLog getTodayLog(User user) {
@@ -40,20 +53,41 @@ public class PointService {
                 });
     }
 
-    private int addPoint(User user, int amount) {
+    private int addPoint(User user, int amount, PointHistoryType type,
+                         Post post, Comment comment, User fromUser) {
+        if (pointHistoryRepository.countByUser(user) == 0) {
+            recordHistory(user, PointHistoryType.SYSTEM_ONLINE, 0, null, null, null);
+        }
         user.setPoint(user.getPoint() + amount);
         userRepository.save(user);
+        recordHistory(user, type, amount, post, comment, fromUser);
         return amount;
     }
 
+    private void recordHistory(User user, PointHistoryType type, int amount,
+                               Post post, Comment comment, User fromUser) {
+        PointHistory history = new PointHistory();
+        history.setUser(user);
+        history.setType(type);
+        history.setAmount(amount);
+        history.setBalance(user.getPoint());
+        history.setPost(post);
+        history.setComment(comment);
+        history.setFromUser(fromUser);
+        history.setCreatedAt(java.time.LocalDateTime.now());
+        pointHistoryRepository.save(history);
+    }
+
     // 同时为评论者和发帖人增加积分，返回值为评论者增加的积分数
     // 注意需要考虑发帖和回复是同一人的场景
-    public int awardForComment(String commenterName, Long postId) {
+    public int awardForComment(String commenterName, Long postId, Long commentId) {
         // 标记评论者是否已达到积分奖励上限
         boolean isTheRewardCapped = false;
 
         // 根据帖子id找到发帖人
-        User poster = postRepository.findById(postId).orElseThrow().getAuthor();
+        Post post = postRepository.findById(postId).orElseThrow();
+        User poster = post.getAuthor();
+        Comment comment = commentRepository.findById(commentId).orElseThrow();
 
         // 获取评论者的加分日志
         User commenter = userRepository.findByUsername(commenterName).orElseThrow();
@@ -69,15 +103,15 @@ public class PointService {
             } else {
                 log.setCommentCount(log.getCommentCount() + 1);
                 pointLogRepository.save(log);
-                return addPoint(commenter, 10);
+                return addPoint(commenter, 10, PointHistoryType.COMMENT, post, comment, null);
             }
         } else {
-            addPoint(poster, 10);
+            addPoint(poster, 10, PointHistoryType.COMMENT, post, comment, commenter);
             // 如果发帖人与评论者不是同一个，则根据是否达到积分上限来判断评论者加分情况
             if (isTheRewardCapped) {
                 return 0;
             } else {
-                return addPoint(commenter, 10);
+                return addPoint(commenter, 10, PointHistoryType.COMMENT, post, comment, null);
             }
         }
     }
@@ -96,7 +130,8 @@ public class PointService {
         }
 
         // 如果不是同一个，则为发帖人加分
-        return addPoint(poster, 10);
+        Post post = postRepository.findById(postId).orElseThrow();
+        return addPoint(poster, 10, PointHistoryType.POST_LIKED, post, null, reactioner);
     }
 
     // 考虑点赞者和评论者是同一个的情况
@@ -113,7 +148,17 @@ public class PointService {
         }
 
         // 如果不是同一个，则为发帖人加分
-        return addPoint(commenter, 10);
+        Comment comment = commentRepository.findById(commentId).orElseThrow();
+        Post post = comment.getPost();
+        return addPoint(commenter, 10, PointHistoryType.COMMENT_LIKED, post, comment, reactioner);
+    }
+
+    public java.util.List<PointHistory> listHistory(String userName) {
+        User user = userRepository.findByUsername(userName).orElseThrow();
+        if (pointHistoryRepository.countByUser(user) == 0) {
+            recordHistory(user, PointHistoryType.SYSTEM_ONLINE, 0, null, null, null);
+        }
+        return pointHistoryRepository.findByUserOrderByIdDesc(user);
     }
 
 }

backend/src/main/java/com/openisle/service/PostService.java

@@ -67,6 +67,7 @@ public class PostService {
     private final TaskScheduler taskScheduler;
     private final EmailSender emailSender;
     private final ApplicationContext applicationContext;
+    private final PointService pointService;
     private final ConcurrentMap<Long, ScheduledFuture<?>> scheduledFinalizations = new ConcurrentHashMap<>();
     @Value("${app.website-url:https://www.open-isle.com}")
     private String websiteUrl;
@@ -89,6 +90,7 @@ public class PostService {
                        TaskScheduler taskScheduler,
                        EmailSender emailSender,
                        ApplicationContext applicationContext,
+                       PointService pointService,
                        @Value("${app.post.publish-mode:DIRECT}") PublishMode publishMode) {
         this.postRepository = postRepository;
         this.userRepository = userRepository;
@@ -107,6 +109,7 @@ public class PostService {
         this.taskScheduler = taskScheduler;
         this.emailSender = emailSender;
         this.applicationContext = applicationContext;
+        this.pointService = pointService;
         this.publishMode = publishMode;
     }
 
@@ -132,6 +135,26 @@ public class PostService {
         this.publishMode = publishMode;
     }
 
+    public List<Post> listLatestRssPosts(int limit) {
+        Pageable pageable = PageRequest.of(0, limit, Sort.by(Sort.Direction.DESC, "createdAt"));
+        return postRepository.findByStatusAndRssExcludedFalseOrderByCreatedAtDesc(PostStatus.PUBLISHED, pageable);
+    }
+
+    public Post excludeFromRss(Long id) {
+        Post post = postRepository.findById(id).orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        post.setRssExcluded(true);
+        return postRepository.save(post);
+    }
+
+    public Post includeInRss(Long id) {
+        Post post = postRepository.findById(id).orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        post.setRssExcluded(false);
+        post = postRepository.save(post);
+        notificationService.createNotification(post.getAuthor(), NotificationType.POST_FEATURED, post, null, null, null, null, null);
+        pointService.awardForFeatured(post.getAuthor().getUsername(), post.getId());
+        return post;
+    }
+
     public Post createPost(String username,
                            Long categoryId,
                            String title,
@@ -441,6 +464,34 @@ public class PostService {
         return paginate(sortByPinnedAndCreated(posts), page, pageSize);
     }
 
+    public List<Post> listFeaturedPosts(List<Long> categoryIds,
+                                        List<Long> tagIds,
+                                        Integer page,
+                                        Integer pageSize) {
+        List<Post> posts;
+        boolean hasCategories = categoryIds != null && !categoryIds.isEmpty();
+        boolean hasTags = tagIds != null && !tagIds.isEmpty();
+
+        if (hasCategories && hasTags) {
+            posts = listPostsByCategoriesAndTags(categoryIds, tagIds, null, null);
+        } else if (hasCategories) {
+            posts = listPostsByCategories(categoryIds, null, null);
+        } else if (hasTags) {
+            posts = listPostsByTags(tagIds, null, null);
+        } else {
+            posts = listPosts();
+        }
+
+        // 仅保留 getRssExcluded 为 0 且不为空
+        // 若字段类型是 Boolean（包装类型），0 等价于 false：
+        posts = posts.stream()
+                .filter(p -> p.getRssExcluded() != null && !p.getRssExcluded())
+                .toList();
+
+        return paginate(sortByPinnedAndCreated(posts), page, pageSize);
+    }
+
+
     public List<Post> listPendingPosts() {
         return postRepository.findByStatus(PostStatus.PENDING);
     }
@@ -495,6 +546,30 @@ public class PostService {
         return postRepository.save(post);
     }
 
+    public Post closePost(Long id, String username) {
+        Post post = postRepository.findById(id)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        User user = userRepository.findByUsername(username)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
+        if (!user.getId().equals(post.getAuthor().getId()) && user.getRole() != Role.ADMIN) {
+            throw new IllegalArgumentException("Unauthorized");
+        }
+        post.setClosed(true);
+        return postRepository.save(post);
+    }
+
+    public Post reopenPost(Long id, String username) {
+        Post post = postRepository.findById(id)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
+        User user = userRepository.findByUsername(username)
+                .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
+        if (!user.getId().equals(post.getAuthor().getId()) && user.getRole() != Role.ADMIN) {
+            throw new IllegalArgumentException("Unauthorized");
+        }
+        post.setClosed(false);
+        return postRepository.save(post);
+    }
+
     @org.springframework.transaction.annotation.Transactional
     public Post updatePost(Long id,
                            String username,
@@ -538,7 +613,9 @@ public class PostService {
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("Post not found"));
         User user = userRepository.findByUsername(username)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));
-        if (!user.getId().equals(post.getAuthor().getId()) && user.getRole() != Role.ADMIN) {
+        User author = post.getAuthor();
+        boolean adminDeleting = !user.getId().equals(author.getId()) && user.getRole() == Role.ADMIN;
+        if (!user.getId().equals(author.getId()) && user.getRole() != Role.ADMIN) {
             throw new IllegalArgumentException("Unauthorized");
         }
         for (Comment c : commentRepository.findByPostAndParentIsNullOrderByCreatedAtAsc(post)) {
@@ -555,7 +632,12 @@ public class PostService {
                 future.cancel(false);
             }
         }
+        String title = post.getTitle();
         postRepository.delete(post);
+        if (adminDeleting) {
+            notificationService.createNotification(author, NotificationType.POST_DELETED,
+                    null, null, null, user, null, title);
+        }
     }
 
     public java.util.List<Post> getPostsByIds(java.util.List<Long> ids) {

backend/src/main/java/com/openisle/service/TwitterAuthService.java

@@ -33,11 +33,12 @@ public class TwitterAuthService {
     @Value("${twitter.client-secret:}")
     private String clientSecret;
 
-    public Optional<User> authenticate(
+    public Optional<AuthResult> authenticate(
             String code,
             String codeVerifier,
             RegisterMode mode,
-            String redirectUri) {
+            String redirectUri,
+            boolean viaInvite) {
 
         logger.debug("Starting authentication with code {} and verifier {}", code, codeVerifier);
 
@@ -106,10 +107,10 @@ public class TwitterAuthService {
         // Twitter v2 默认拿不到 email；如果你申请到 email.scope，可改用 /2/users/:id?user.fields=email
         String email = username + "@twitter.com";
         logger.debug("Processing user {} with email {}", username, email);
-        return Optional.of(processUser(email, username, avatar, mode));
+        return Optional.of(processUser(email, username, avatar, mode, viaInvite));
     }
 
-    private User processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode) {
+    private AuthResult processUser(String email, String username, String avatar, com.openisle.model.RegisterMode mode, boolean viaInvite) {
         Optional<User> existing = userRepository.findByEmail(email);
         if (existing.isPresent()) {
             User user = existing.get();
@@ -119,7 +120,7 @@ public class TwitterAuthService {
                 userRepository.save(user);
             }
             logger.debug("Existing user {} authenticated", user.getUsername());
-            return user;
+            return new AuthResult(user, false);
         }
         String baseUsername = username != null ? username : email.split("@")[0];
         String finalUsername = baseUsername;
@@ -133,13 +134,13 @@ public class TwitterAuthService {
         user.setPassword("");
         user.setRole(Role.USER);
         user.setVerified(true);
-        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT);
+        user.setApproved(mode == com.openisle.model.RegisterMode.DIRECT || viaInvite);
         if (avatar != null) {
             user.setAvatar(avatar);
         } else {
             user.setAvatar("https://twitter.com/" + finalUsername + "/profile_image");
         }
         logger.debug("Creating new user {}", finalUsername);
-        return userRepository.save(user);
+        return new AuthResult(userRepository.save(user), true);
     }
 }

backend/src/main/java/com/openisle/service/UserService.java

@@ -74,6 +74,13 @@ public class UserService {
         return userRepository.save(user);
     }
 
+    public User registerWithInvite(String username, String email, String password) {
+        User user = register(username, email, password, "", com.openisle.model.RegisterMode.DIRECT);
+        user.setVerified(true);
+        user.setVerificationCode(genCode());
+        return userRepository.save(user);
+    }
+
     private String genCode() {
         return String.format("%06d", new Random().nextInt(1000000));
     }

backend/src/main/resources/application.properties

@@ -10,6 +10,7 @@ spring.jpa.hibernate.ddl-auto=update
 app.jwt.secret=${JWT_SECRET:jwt_sec}
 app.jwt.reason-secret=${JWT_REASON_SECRET:jwt_reason_sec}
 app.jwt.reset-secret=${JWT_RESET_SECRET:jwt_reset_sec}
+app.jwt.invite-secret=${JWT_INVITE_SECRET:jwt_invite_sec}
 # 30 days
 app.jwt.expiration=${JWT_EXPIRATION:2592000000}
 # Password strength: LOW, MEDIUM or HIGH

backend/src/main/resources/db/migration/V2__add_rss_excluded_to_posts.sql

@@ -0,0 +1 @@
+ALTER TABLE posts ADD COLUMN rss_excluded BOOLEAN NOT NULL DEFAULT 0;

backend/src/test/java/com/openisle/controller/NotificationControllerTest.java

@@ -45,7 +45,7 @@ class NotificationControllerTest {
         p.setId(2L);
         n.setPost(p);
         n.setCreatedAt(LocalDateTime.now());
-        when(notificationService.listNotifications("alice", null))
+        when(notificationService.listNotifications("alice", null, 0, 30))
                 .thenReturn(List.of(n));
 
         NotificationDto dto = new NotificationDto();
@@ -62,6 +62,24 @@ class NotificationControllerTest {
                 .andExpect(jsonPath("$[0].post.id").value(2));
     }
 
+    @Test
+    void listUnreadNotifications() throws Exception {
+        Notification n = new Notification();
+        n.setId(5L);
+        n.setType(NotificationType.POST_VIEWED);
+        when(notificationService.listNotifications("alice", false, 0, 30))
+                .thenReturn(List.of(n));
+
+        NotificationDto dto = new NotificationDto();
+        dto.setId(5L);
+        when(notificationMapper.toDto(n)).thenReturn(dto);
+
+        mockMvc.perform(get("/api/notifications/unread")
+                        .principal(new UsernamePasswordAuthenticationToken("alice","p")))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$[0].id").value(5));
+    }
+
     @Test
     void markReadEndpoint() throws Exception {
         mockMvc.perform(post("/api/notifications/read")

backend/src/test/java/com/openisle/service/MedalServiceTest.java

@@ -27,7 +27,7 @@ class MedalServiceTest {
 
         List<MedalDto> medals = service.getMedals(null);
         medals.forEach(m -> assertFalse(m.isCompleted()));
-        assertEquals(5, medals.size());
+        assertEquals(6, medals.size());
     }
 
     @Test

backend/src/test/java/com/openisle/service/NotificationServiceTest.java

@@ -11,6 +11,9 @@ import org.mockito.Mockito;
 
 import java.util.List;
 import java.util.Optional;
+import java.util.HashSet;
+import org.springframework.data.domain.PageImpl;
+import org.springframework.data.domain.Pageable;
 
 import static org.junit.jupiter.api.Assertions.*;
 import static org.mockito.Mockito.*;
@@ -62,15 +65,17 @@ class NotificationServiceTest {
         User user = new User();
         user.setId(2L);
         user.setUsername("bob");
+        user.setDisabledNotificationTypes(new HashSet<>());
         when(uRepo.findByUsername("bob")).thenReturn(Optional.of(user));
 
         Notification n = new Notification();
-        when(nRepo.findByUserOrderByCreatedAtDesc(user)).thenReturn(List.of(n));
+        when(nRepo.findByUserOrderByCreatedAtDesc(eq(user), any(Pageable.class)))
+                .thenReturn(new PageImpl<>(List.of(n)));
 
-        List<Notification> list = service.listNotifications("bob", null);
+        List<Notification> list = service.listNotifications("bob", null, 0, 10);
 
         assertEquals(1, list.size());
-        verify(nRepo).findByUserOrderByCreatedAtDesc(user);
+        verify(nRepo).findByUserOrderByCreatedAtDesc(eq(user), any(Pageable.class));
     }
 
     @Test
@@ -87,6 +92,7 @@ class NotificationServiceTest {
         User user = new User();
         user.setId(3L);
         user.setUsername("carl");
+        user.setDisabledNotificationTypes(new HashSet<>());
         when(uRepo.findByUsername("carl")).thenReturn(Optional.of(user));
         when(nRepo.countByUserAndRead(user, false)).thenReturn(5L);
 
@@ -96,6 +102,56 @@ class NotificationServiceTest {
         verify(nRepo).countByUserAndRead(user, false);
     }
 
+    @Test
+    void listNotificationsFiltersDisabledTypes() {
+        NotificationRepository nRepo = mock(NotificationRepository.class);
+        UserRepository uRepo = mock(UserRepository.class);
+        ReactionRepository rRepo = mock(ReactionRepository.class);
+        EmailSender email = mock(EmailSender.class);
+        PushNotificationService push = mock(PushNotificationService.class);
+        Executor executor = Runnable::run;
+        NotificationService service = new NotificationService(nRepo, uRepo, email, push, rRepo, executor);
+        org.springframework.test.util.ReflectionTestUtils.setField(service, "websiteUrl", "https://ex.com");
+
+        User user = new User();
+        user.setId(4L);
+        user.setUsername("dana");
+        when(uRepo.findByUsername("dana")).thenReturn(Optional.of(user));
+
+        Notification n = new Notification();
+        when(nRepo.findByUserAndTypeNotInOrderByCreatedAtDesc(eq(user), eq(user.getDisabledNotificationTypes()), any(Pageable.class)))
+                .thenReturn(new PageImpl<>(List.of(n)));
+
+        List<Notification> list = service.listNotifications("dana", null, 0, 10);
+
+        assertEquals(1, list.size());
+        verify(nRepo).findByUserAndTypeNotInOrderByCreatedAtDesc(eq(user), eq(user.getDisabledNotificationTypes()), any(Pageable.class));
+    }
+
+    @Test
+    void countUnreadFiltersDisabledTypes() {
+        NotificationRepository nRepo = mock(NotificationRepository.class);
+        UserRepository uRepo = mock(UserRepository.class);
+        ReactionRepository rRepo = mock(ReactionRepository.class);
+        EmailSender email = mock(EmailSender.class);
+        PushNotificationService push = mock(PushNotificationService.class);
+        Executor executor = Runnable::run;
+        NotificationService service = new NotificationService(nRepo, uRepo, email, push, rRepo, executor);
+        org.springframework.test.util.ReflectionTestUtils.setField(service, "websiteUrl", "https://ex.com");
+
+        User user = new User();
+        user.setId(5L);
+        user.setUsername("erin");
+        when(uRepo.findByUsername("erin")).thenReturn(Optional.of(user));
+        when(nRepo.countByUserAndReadAndTypeNotIn(eq(user), eq(false), eq(user.getDisabledNotificationTypes())))
+                .thenReturn(2L);
+
+        long count = service.countUnread("erin");
+
+        assertEquals(2L, count);
+        verify(nRepo).countByUserAndReadAndTypeNotIn(eq(user), eq(false), eq(user.getDisabledNotificationTypes()));
+    }
+
     @Test
     void createRegisterRequestNotificationsDeletesOldOnes() {
         NotificationRepository nRepo = mock(NotificationRepository.class);
@@ -144,6 +200,30 @@ class NotificationServiceTest {
         verify(nRepo).save(any(Notification.class));
     }
 
+    @Test
+    void createPointRedeemNotificationsDeletesOldOnes() {
+        NotificationRepository nRepo = mock(NotificationRepository.class);
+        UserRepository uRepo = mock(UserRepository.class);
+        ReactionRepository rRepo = mock(ReactionRepository.class);
+        EmailSender email = mock(EmailSender.class);
+        PushNotificationService push = mock(PushNotificationService.class);
+        Executor executor = Runnable::run;
+        NotificationService service = new NotificationService(nRepo, uRepo, email, push, rRepo, executor);
+        org.springframework.test.util.ReflectionTestUtils.setField(service, "websiteUrl", "https://ex.com");
+
+        User admin = new User();
+        admin.setId(10L);
+        User user = new User();
+        user.setId(20L);
+
+        when(uRepo.findByRole(Role.ADMIN)).thenReturn(List.of(admin));
+
+        service.createPointRedeemNotifications(user, "contact");
+
+        verify(nRepo).deleteByTypeAndFromUser(NotificationType.POINT_REDEEM, user);
+        verify(nRepo).save(any(Notification.class));
+    }
+
     @Test
     void createNotificationSendsEmailForCommentReply() {
         NotificationRepository nRepo = mock(NotificationRepository.class);

backend/src/test/java/com/openisle/service/PostServiceTest.java

@@ -34,11 +34,12 @@ class PostServiceTest {
         TaskScheduler taskScheduler = mock(TaskScheduler.class);
         EmailSender emailSender = mock(EmailSender.class);
         ApplicationContext context = mock(ApplicationContext.class);
+        PointService pointService = mock(PointService.class);
 
         PostService service = new PostService(postRepo, userRepo, catRepo, tagRepo, lotteryRepo,
                 notifService, subService, commentService, commentRepo,
                 reactionRepo, subRepo, notificationRepo, postReadService,
-                imageUploader, taskScheduler, emailSender, context, PublishMode.DIRECT);
+                imageUploader, taskScheduler, emailSender, context, pointService, PublishMode.DIRECT);
         when(context.getBean(PostService.class)).thenReturn(service);
 
         Post post = new Post();
@@ -61,6 +62,59 @@ class PostServiceTest {
         verify(postRepo).delete(post);
     }
 
+    @Test
+    void deletePostByAdminNotifiesAuthor() {
+        PostRepository postRepo = mock(PostRepository.class);
+        UserRepository userRepo = mock(UserRepository.class);
+        CategoryRepository catRepo = mock(CategoryRepository.class);
+        TagRepository tagRepo = mock(TagRepository.class);
+        LotteryPostRepository lotteryRepo = mock(LotteryPostRepository.class);
+        NotificationService notifService = mock(NotificationService.class);
+        SubscriptionService subService = mock(SubscriptionService.class);
+        CommentService commentService = mock(CommentService.class);
+        CommentRepository commentRepo = mock(CommentRepository.class);
+        ReactionRepository reactionRepo = mock(ReactionRepository.class);
+        PostSubscriptionRepository subRepo = mock(PostSubscriptionRepository.class);
+        NotificationRepository notificationRepo = mock(NotificationRepository.class);
+        PostReadService postReadService = mock(PostReadService.class);
+        ImageUploader imageUploader = mock(ImageUploader.class);
+        TaskScheduler taskScheduler = mock(TaskScheduler.class);
+        EmailSender emailSender = mock(EmailSender.class);
+        ApplicationContext context = mock(ApplicationContext.class);
+        PointService pointService = mock(PointService.class);
+
+        PostService service = new PostService(postRepo, userRepo, catRepo, tagRepo, lotteryRepo,
+                notifService, subService, commentService, commentRepo,
+                reactionRepo, subRepo, notificationRepo, postReadService,
+                imageUploader, taskScheduler, emailSender, context, pointService, PublishMode.DIRECT);
+        when(context.getBean(PostService.class)).thenReturn(service);
+
+        Post post = new Post();
+        post.setId(1L);
+        post.setTitle("T");
+        post.setContent("");
+        User author = new User();
+        author.setId(2L);
+        author.setRole(Role.USER);
+        post.setAuthor(author);
+
+        User admin = new User();
+        admin.setId(1L);
+        admin.setRole(Role.ADMIN);
+
+        when(postRepo.findById(1L)).thenReturn(Optional.of(post));
+        when(userRepo.findByUsername("admin")).thenReturn(Optional.of(admin));
+        when(commentRepo.findByPostAndParentIsNullOrderByCreatedAtAsc(post)).thenReturn(List.of());
+        when(reactionRepo.findByPost(post)).thenReturn(List.of());
+        when(subRepo.findByPost(post)).thenReturn(List.of());
+        when(notificationRepo.findByPost(post)).thenReturn(List.of());
+
+        service.deletePost(1L, "admin");
+
+        verify(notifService).createNotification(eq(author), eq(NotificationType.POST_DELETED), isNull(),
+                isNull(), isNull(), eq(admin), isNull(), eq("T"));
+    }
+
     @Test
     void createPostRespectsRateLimit() {
         PostRepository postRepo = mock(PostRepository.class);
@@ -80,11 +134,12 @@ class PostServiceTest {
         TaskScheduler taskScheduler = mock(TaskScheduler.class);
         EmailSender emailSender = mock(EmailSender.class);
         ApplicationContext context = mock(ApplicationContext.class);
+        PointService pointService = mock(PointService.class);
 
         PostService service = new PostService(postRepo, userRepo, catRepo, tagRepo, lotteryRepo,
                 notifService, subService, commentService, commentRepo,
                 reactionRepo, subRepo, notificationRepo, postReadService,
-                imageUploader, taskScheduler, emailSender, context, PublishMode.DIRECT);
+                imageUploader, taskScheduler, emailSender, context, pointService, PublishMode.DIRECT);
         when(context.getBean(PostService.class)).thenReturn(service);
 
         when(postRepo.countByAuthorAfter(eq("alice"), any())).thenReturn(1L);
@@ -113,11 +168,12 @@ class PostServiceTest {
         TaskScheduler taskScheduler = mock(TaskScheduler.class);
         EmailSender emailSender = mock(EmailSender.class);
         ApplicationContext context = mock(ApplicationContext.class);
+        PointService pointService = mock(PointService.class);
 
         PostService service = new PostService(postRepo, userRepo, catRepo, tagRepo, lotteryRepo,
                 notifService, subService, commentService, commentRepo,
                 reactionRepo, subRepo, notificationRepo, postReadService,
-                imageUploader, taskScheduler, emailSender, context, PublishMode.DIRECT);
+                imageUploader, taskScheduler, emailSender, context, pointService, PublishMode.DIRECT);
         when(context.getBean(PostService.class)).thenReturn(service);
 
         User author = new User();

frontend_nuxt/.env.example

@@ -1,4 +1,13 @@
+; 本地部署后端
+; NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
+; 预发环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
+; 生产环境后端
 NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
+
+; 预发环境
+; NUXT_PUBLIC_WEBSITE_BASE_URL=https://staging.open-isle.com
+; 正式环境/生产环境
 NUXT_PUBLIC_WEBSITE_BASE_URL=https://www.open-isle.com
 NUXT_PUBLIC_GOOGLE_CLIENT_ID=777830451304-nt8afkkap18gui4f9entcha99unal744.apps.googleusercontent.com
 NUXT_PUBLIC_GITHUB_CLIENT_ID=Ov23liVkO1NPAX5JyWxJ

frontend_nuxt/.env.staging.example

@@ -0,0 +1,16 @@
+; 本地部署后端
+; NUXT_PUBLIC_API_BASE_URL=https://127.0.0.1:8081
+; 预发环境后端
+NUXT_PUBLIC_API_BASE_URL=https://staging.open-isle.com
+; 生产环境后端
+; NUXT_PUBLIC_API_BASE_URL=https://www.open-isle.com
+
+; 预发环境
+NUXT_PUBLIC_WEBSITE_BASE_URL=https://staging.open-isle.com
+; 正式环境/生产环境
+; NUXT_PUBLIC_WEBSITE_BASE_URL=https://www.open-isle.com
+
+NUXT_PUBLIC_GOOGLE_CLIENT_ID=777830451304-nt8afkkap18gui4f9entcha99unal744.apps.googleusercontent.com
+NUXT_PUBLIC_GITHUB_CLIENT_ID=Ov23liVkO1NPAX5JyWxJ
+NUXT_PUBLIC_DISCORD_CLIENT_ID=1394985417044000779
+NUXT_PUBLIC_TWITTER_CLIENT_ID=ZTRTU05KSk9KTTJrTTdrVC1tc1E6MTpjaQ

frontend_nuxt/app.vue

@@ -16,11 +16,12 @@
         <NuxtPage keepalive />
       </div>
 
-      <div v-if="showNewPostIcon && isMobile" class="new-post-icon" @click="goToNewPost">
+      <div v-if="showNewPostIcon && isMobile" class="app-new-post-icon" @click="goToNewPost">
         <i class="fas fa-edit"></i>
       </div>
     </div>
     <GlobalPopups />
+    <ConfirmDialog />
   </div>
 </template>
 
@@ -28,6 +29,7 @@
 import HeaderComponent from '~/components/HeaderComponent.vue'
 import MenuComponent from '~/components/MenuComponent.vue'
 import GlobalPopups from '~/components/GlobalPopups.vue'
+import ConfirmDialog from '~/components/ConfirmDialog.vue'
 import { useIsMobile } from '~/utils/screen'
 
 const isMobile = useIsMobile()
@@ -74,7 +76,18 @@ const goToNewPost = () => {
 </script>
 
 <style src="~/assets/global.css"></style>
-<style scoped>
+<style>
+/* 页面过渡效果 */
+.page-enter-active,
+.page-leave-active {
+  transition: all 0.4s;
+}
+.page-enter-from,
+.page-leave-to {
+  opacity: 0;
+  filter: blur(10px);
+}
+
 .header-container {
   position: fixed;
   top: 0;
@@ -107,7 +120,7 @@ const goToNewPost = () => {
   margin: 0 auto;
 }
 
-.new-post-icon {
+.app-new-post-icon {
   background-color: var(--new-post-icon-color);
   color: white;
   width: 60px;
@@ -120,7 +133,7 @@ const goToNewPost = () => {
   cursor: pointer;
   z-index: 1000;
   display: flex;
-  backdrop-filter: blur(5px);
+  backdrop-filter: var(--blur-5);
   justify-content: center;
   align-items: center;
 }

frontend_nuxt/assets/global.css

@@ -7,13 +7,18 @@
   --header-background-color: white;
   --header-border-color: lightgray;
   --header-text-color: black;
-  --menu-background-color: white;
+  --blur-1: blur(1px);
+  --blur-2: blur(2px);
+  --blur-4: blur(4px);
+  --blur-5: blur(5px);
+  --blur-10: blur(10px);
+  /* 加一个app前缀防止与firefox的userChrome.css中的--menu-background-color冲突 */
+  --app-menu-background-color: white;
   --background-color: white;
-  /* --background-color-blur: rgba(255, 255, 255, 0.57); */
-  --background-color-blur: var(--background-color);
+  --background-color-blur: rgba(255, 255, 255, 0.57);
   --menu-border-color: lightgray;
   --normal-border-color: lightgray;
-  --menu-selected-background-color: rgba(208, 250, 255, 0.659);
+  --menu-selected-background-color: rgba(228, 228, 228, 0.884);
   --menu-text-color: black;
   --scroller-background-color: rgba(130, 175, 180, 0.5);
   /* --normal-background-color: rgb(241, 241, 241); */
@@ -36,14 +41,14 @@
   --header-border-color: #555;
   --primary-color: rgb(17, 182, 197);
   --primary-color-hover: rgb(13, 137, 151);
+  --new-post-icon-color: rgba(10, 111, 120, 0.598);
   --header-text-color: white;
-  --menu-background-color: #333;
+  --app-menu-background-color: #333;
   --background-color: #333;
   /* --background-color-blur: #333333a4; */
   --background-color-blur: var(--background-color);
   --menu-border-color: #555;
   --normal-border-color: #555;
-  --new-post-icon-color: rgba(10, 111, 120, 0.598);
   --menu-selected-background-color: rgba(255, 255, 255, 0.1);
   --menu-text-color: white;
   /* --normal-background-color: #000000; */
@@ -58,6 +63,15 @@
   --activity-card-background-color: #585858;
 }
 
+:root[data-frosted='off'] {
+  --blur-1: none;
+  --blur-2: none;
+  --blur-4: none;
+  --blur-5: none;
+  --blur-10: none;
+  --background-color-blur: var(--background-color);
+}
+
 body {
   margin: 0;
   padding: 0;
@@ -76,7 +90,8 @@ body {
 }
 
 .vditor-toolbar--pin {
-  top: var(--header-height) !important;
+  top: calc(var(--header-height) + 1px) !important;
+  z-index: 2000;
 }
 
 .vditor-panel {
@@ -169,7 +184,7 @@ body {
   font-family: 'Maple Mono', monospace;
   font-size: 13px;
   border-radius: 4px;
-  white-space: no-wrap;
+  white-space: break-spaces;
   background-color: var(--code-highlight-background-color);
   color: var(--text-color);
 }
@@ -305,6 +320,29 @@ body {
   }
 }
 
+/* Transition API */
+::view-transition-old(root),
+::view-transition-new(root) {
+  animation: none;
+  mix-blend-mode: normal;
+}
+
+::view-transition-old(root) {
+  z-index: 1;
+}
+
+::view-transition-new(root) {
+  z-index: 2147483646;
+}
+
+[data-theme='dark']::view-transition-old(root) {
+  z-index: 2147483646;
+}
+
+[data-theme='dark']::view-transition-new(root) {
+  z-index: 1;
+}
+
 /* NProgress styles */
 #nprogress {
   pointer-events: none;

frontend_nuxt/components/AchievementList.vue

@@ -26,6 +26,9 @@
         <template v-else-if="medal.type === 'POST'">
           {{ medal.currentPostCount }}/{{ medal.targetPostCount }}
         </template>
+        <template v-else-if="medal.type === 'FEATURED'">
+          {{ medal.currentFeaturedCount }}/{{ medal.targetFeaturedCount }}
+        </template>
         <template v-else-if="medal.type === 'CONTRIBUTOR'">
           {{ medal.currentContributionLines }}/{{ medal.targetContributionLines }}
         </template>

frontend_nuxt/components/BasePopup.vue

@@ -41,8 +41,8 @@ export default {
   left: 0;
   right: 0;
   bottom: 0;
-  backdrop-filter: blur(2px);
-  -webkit-backdrop-filter: blur(2px);
+  backdrop-filter: var(--blur-2);
+  -webkit-backdrop-filter: var(--blur-2);
 }
 .popup-content {
   position: relative;

frontend_nuxt/components/BaseSwitch.vue

@@ -0,0 +1,65 @@
+<template>
+  <label class="switch">
+    <input
+      type="checkbox"
+      :checked="modelValue"
+      @change="$emit('update:modelValue', $event.target.checked)"
+    />
+    <span class="slider"></span>
+  </label>
+</template>
+
+<script setup>
+defineProps({
+  modelValue: { type: Boolean, default: false },
+})
+
+defineEmits(['update:modelValue'])
+</script>
+
+<style scoped>
+.switch {
+  position: relative;
+  display: inline-block;
+  width: 40px;
+  height: 20px;
+}
+
+.switch input {
+  opacity: 0;
+  width: 0;
+  height: 0;
+}
+
+.slider {
+  position: absolute;
+  cursor: pointer;
+  top: 0;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  background-color: #ccc;
+  transition: 0.2s;
+  border-radius: 20px;
+}
+
+.slider:before {
+  position: absolute;
+  content: '';
+  height: 16px;
+  width: 16px;
+  left: 2px;
+  bottom: 2px;
+  background-color: white;
+  transition: 0.2s;
+  border-radius: 50%;
+}
+
+input:checked + .slider {
+  background-color: var(--primary-color);
+}
+
+input:checked + .slider:before {
+  transform: translateX(20px);
+}
+</style>

frontend_nuxt/components/BaseTimeline.vue

@@ -41,6 +41,12 @@ export default {
   margin-top: 10px;
 }
 
+.timeline-item:hover {
+  background-color: var(--menu-selected-background-color);
+  transition: background-color 0.2s;
+  border-radius: 10px;
+}
+
 .timeline-icon {
   position: sticky;
   top: 0;

frontend_nuxt/components/CommentEditor.vue

@@ -22,6 +22,7 @@ import {
   getEditorTheme as getEditorThemeUtil,
   getPreviewTheme as getPreviewThemeUtil,
 } from '~/utils/vditor'
+import '~/assets/global.css'
 import LoginOverlay from '~/components/LoginOverlay.vue'
 
 export default {

frontend_nuxt/components/CommentItem.vue

@@ -16,11 +16,11 @@
         <div class="info-content-header-left">
           <span class="user-name">{{ comment.userName }}</span>
           <i class="fas fa-medal medal-icon"></i>
-          <router-link
+          <NuxtLink
             v-if="comment.medal"
             class="medal-name"
             :to="`/users/${comment.userId}?tab=achievements`"
-            >{{ getMedalTitle(comment.medal) }}</router-link
+            >{{ getMedalTitle(comment.medal) }}</NuxtLink
           >
           <i v-if="comment.pinned" class="fas fa-thumbtack pin-icon"></i>
           <span v-if="level >= 2">
@@ -57,7 +57,7 @@
           v-if="showEditor"
           @submit="submitReply"
           :loading="isWaitingForReply"
-          :disabled="!loggedIn"
+          :disabled="!loggedIn || postClosed"
           :show-login-overlay="!loggedIn"
           :parent-user-name="comment.userName"
         />
@@ -76,6 +76,7 @@
               :level="level + 1"
               :default-show-replies="item.openReplies"
               :post-author-id="postAuthorId"
+              :post-closed="postClosed"
             />
           </template>
         </BaseTimeline>
@@ -122,6 +123,10 @@ const props = defineProps({
     type: [Number, String],
     required: true,
   },
+  postClosed: {
+    type: Boolean,
+    default: false,
+  },
 })
 
 const emit = defineEmits(['deleted'])
@@ -148,6 +153,7 @@ const toggleReplies = () => {
 }
 
 const toggleEditor = () => {
+  if (props.postClosed) return
   showEditor.value = !showEditor.value
   if (showEditor.value) {
     setTimeout(() => {
@@ -213,6 +219,10 @@ const deleteComment = async () => {
 }
 const submitReply = async (parentUserName, text, clear) => {
   if (!text.trim()) return
+  if (props.postClosed) {
+    toast.error('帖子已关闭')
+    return
+  }
   isWaitingForReply.value = true
   const token = getToken()
   if (!token) {

frontend_nuxt/components/ConfirmDialog.vue

@@ -0,0 +1,71 @@
+<template>
+  <BasePopup :visible="visible" @close="onCancel">
+    <div class="confirm-dialog" role="dialog" aria-modal="true">
+      <h3 class="confirm-title">{{ title }}</h3>
+      <p class="confirm-message">{{ message }}</p>
+      <div class="confirm-actions">
+        <div class="cancel-button" @click="onCancel">取消</div>
+        <div class="confirm-button" @click="onConfirm">确认</div>
+      </div>
+    </div>
+  </BasePopup>
+</template>
+
+<script setup lang="ts">
+import BasePopup from '~/components/BasePopup.vue'
+import { useConfirm } from '~/composables/useConfirm'
+
+const { visible, title, message, onConfirm, onCancel } = useConfirm()
+</script>
+
+<style scoped>
+.confirm-dialog {
+  padding: 20px;
+  text-align: center;
+}
+.confirm-title {
+  margin-top: 0;
+  font-size: 18px;
+  font-weight: 600;
+}
+.confirm-message {
+  margin: 16px 0 20px;
+  line-height: 1.6;
+  color: var(--text-secondary, #666);
+}
+.confirm-actions {
+  display: flex;
+  justify-content: center;
+  gap: 12px;
+}
+.confirm-button,
+.cancel-button {
+  min-width: 88px;
+  height: 36px;
+  padding: 0 14px;
+  border-radius: 8px;
+  cursor: pointer;
+  border: 1px solid transparent;
+}
+.confirm-button {
+  background: var(--primary-color);
+  color: #fff;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+}
+.confirm-button:hover {
+  background: var(--primary-color-hover);
+}
+.cancel-button {
+  background: transparent;
+  color: var(--primary-color);
+  border-color: currentColor;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+}
+.cancel-button:hover {
+  opacity: 0.85;
+}
+</style>

frontend_nuxt/components/Dropdown.vue

@@ -114,7 +114,7 @@
 </template>
 
 <script>
-import { ref, computed, watch, onMounted } from 'vue'
+import { computed, onMounted, ref, watch } from 'vue'
 import { useIsMobile } from '~/utils/screen'
 
 export default {
@@ -312,7 +312,7 @@ export default {
   border: none;
   outline: none;
   margin-left: 5px;
-  background-color: var(--menu-background-color);
+  background-color: var(--app-menu-background-color);
   color: var(--text-color);
 }
 
@@ -352,7 +352,7 @@ export default {
   left: 0;
   right: 0;
   bottom: 0;
-  background-color: var(--menu-background-color);
+  background-color: var(--app-menu-background-color);
   z-index: 1300;
   display: flex;
   flex-direction: column;

frontend_nuxt/components/DropdownMenu.vue

@@ -3,22 +3,24 @@
     <div class="dropdown-trigger" @click="toggle">
       <slot name="trigger"></slot>
     </div>
-    <div v-if="visible" class="dropdown-menu-container">
-      <div
-        v-for="(item, idx) in items"
-        :key="idx"
-        class="dropdown-item"
-        :style="{ color: item.color || 'inherit' }"
-        @click="handle(item)"
-      >
-        {{ item.text }}
+    <Transition name="dropdown-menu">
+      <div v-if="visible" class="dropdown-menu-container">
+        <div
+          v-for="(item, idx) in items"
+          :key="idx"
+          class="dropdown-item"
+          :style="{ color: item.color || 'inherit' }"
+          @click="handle(item)"
+        >
+          {{ item.text }}
+        </div>
       </div>
-    </div>
+    </Transition>
   </div>
 </template>
 
 <script>
-import { ref, onMounted, onBeforeUnmount } from 'vue'
+import { onBeforeUnmount, onMounted, ref } from 'vue'
 export default {
   name: 'DropdownMenu',
   props: {
@@ -61,17 +63,28 @@ export default {
   position: relative;
   display: inline-block;
 }
+
 .dropdown-trigger {
   cursor: pointer;
   display: inline-flex;
   align-items: center;
 }
 
+.dropdown-menu-enter-active,
+.dropdown-menu-leave-active {
+  transition: all 0.4s;
+}
+.dropdown-menu-enter-from,
+.dropdown-menu-leave-to {
+  opacity: 0;
+  transform: translateY(-16px);
+}
+
 .dropdown-menu-container {
   position: absolute;
   top: 100%;
   right: 0;
-  background-color: var(--menu-background-color);
+  background-color: var(--app-menu-background-color);
   border: 1px solid var(--normal-border-color);
   box-shadow: 0 2px 6px rgba(0, 0, 0, 0.2);
   border-radius: 8px;
@@ -84,6 +97,7 @@ export default {
   white-space: nowrap;
   cursor: pointer;
 }
+
 .dropdown-item:hover {
   background-color: var(--menu-selected-background-color);
 }

frontend_nuxt/components/GlobalPopups.vue

@@ -8,6 +8,13 @@
     />
     <NotificationSettingPopup :visible="showNotificationPopup" @close="closeNotificationPopup" />
     <MedalPopup :visible="showMedalPopup" :medals="newMedals" @close="closeMedalPopup" />
+
+    <ActivityPopup
+      :visible="showInviteCodePopup"
+      :icon="inviteCodeIcon"
+      text="邀请码活动开始了，速来参与大伙们🔥🔥🔥"
+      @close="closeInviteCodePopup"
+    />
   </div>
 </template>
 
@@ -21,7 +28,10 @@ const config = useRuntimeConfig()
 const API_BASE_URL = config.public.apiBaseUrl
 
 const showMilkTeaPopup = ref(false)
+const showInviteCodePopup = ref(false)
 const milkTeaIcon = ref('')
+const inviteCodeIcon = ref('')
+
 const showNotificationPopup = ref(false)
 const showMedalPopup = ref(false)
 const newMedals = ref([])
@@ -30,6 +40,9 @@ onMounted(async () => {
   await checkMilkTeaActivity()
   if (showMilkTeaPopup.value) return
 
+  await checkInviteCodeActivity()
+  if (showInviteCodePopup.value) return
+
   await checkNotificationSetting()
   if (showNotificationPopup.value) return
 
@@ -37,7 +50,7 @@ onMounted(async () => {
 })
 
 const checkMilkTeaActivity = async () => {
-  if (!process.client) return
+  if (!import.meta.client) return
   if (localStorage.getItem('milkTeaActivityPopupShown')) return
   try {
     const res = await fetch(`${API_BASE_URL}/api/activities`)
@@ -53,26 +66,50 @@ const checkMilkTeaActivity = async () => {
     // ignore network errors
   }
 }
+
+const checkInviteCodeActivity = async () => {
+  if (!import.meta.client) return
+  if (localStorage.getItem('inviteCodeActivityPopupShown')) return
+  try {
+    const res = await fetch(`${API_BASE_URL}/api/activities`)
+    if (res.ok) {
+      const list = await res.json()
+      const a = list.find((i) => i.type === 'INVITE_POINTS' && !i.ended)
+      if (a) {
+        inviteCodeIcon.value = a.icon
+        showInviteCodePopup.value = true
+      }
+    }
+  } catch (e) {
+    // ignore network errors
+  }
+}
+
+const closeInviteCodePopup = () => {
+  if (!import.meta.client) return
+  localStorage.setItem('inviteCodeActivityPopupShown', 'true')
+  showInviteCodePopup.value = false
+}
+
 const closeMilkTeaPopup = () => {
-  if (!process.client) return
+  if (!import.meta.client) return
   localStorage.setItem('milkTeaActivityPopupShown', 'true')
   showMilkTeaPopup.value = false
-  checkNotificationSetting()
 }
+
 const checkNotificationSetting = async () => {
-  if (!process.client) return
+  if (!import.meta.client) return
   if (!authState.loggedIn) return
   if (localStorage.getItem('notificationSettingPopupShown')) return
   showNotificationPopup.value = true
 }
 const closeNotificationPopup = () => {
-  if (!process.client) return
+  if (!import.meta.client) return
   localStorage.setItem('notificationSettingPopupShown', 'true')
   showNotificationPopup.value = false
-  checkNewMedals()
 }
 const checkNewMedals = async () => {
-  if (!process.client) return
+  if (!import.meta.client) return
   if (!authState.loggedIn || !authState.userId) return
   try {
     const res = await fetch(`${API_BASE_URL}/api/medals?userId=${authState.userId}`)
@@ -90,7 +127,7 @@ const checkNewMedals = async () => {
   }
 }
 const closeMedalPopup = () => {
-  if (!process.client) return
+  if (!import.meta.client) return
   const seen = new Set(JSON.parse(localStorage.getItem('seenMedals') || '[]'))
   newMedals.value.forEach((m) => seen.add(m.type))
   localStorage.setItem('seenMedals', JSON.stringify([...seen]))

frontend_nuxt/components/HeaderComponent.vue

@@ -6,9 +6,9 @@
           <button class="menu-btn" ref="menuBtn" @click="$emit('toggle-menu')">
             <i class="fas fa-bars"></i>
           </button>
-          <span v-if="isMobile && unreadCount > 0" class="menu-unread-dot"></span>
+          <span v-if="isMobile && unreadMessageCount > 0" class="menu-unread-dot"></span>
         </div>
-        <NuxtLink class="logo-container" :to="`/`">
+        <NuxtLink class="logo-container" :to="`/`" @click="refrechData">
           <img
             alt="OpenIsle"
             src="https://openisle-1307107697.cos.ap-guangzhou.myqcloud.com/assert/image.png"
@@ -20,18 +20,43 @@
       </div>
 
       <ClientOnly>
-        <div v-if="isLogin" class="header-content-right">
+        <div class="header-content-right">
           <div v-if="isMobile" class="search-icon" @click="search">
             <i class="fas fa-search"></i>
           </div>
 
-          <ToolTip v-if="!isMobile" content="发帖" placement="bottom">
+          <div v-if="isMobile" class="theme-icon" @click="cycleTheme">
+            <i :class="iconClass"></i>
+          </div>
+
+          <div v-if="!isMobile" class="invite_text" @click="copyInviteLink">
+            <i class="fas fa-copy"></i>
+            邀请
+            <i v-if="isCopying" class="fas fa-spinner fa-spin"></i>
+          </div>
+
+          <ToolTip content="复制RSS链接" placement="bottom">
+            <div class="rss-icon" @click="copyRssLink">
+              <i class="fas fa-rss"></i>
+            </div>
+          </ToolTip>
+
+          <ToolTip v-if="!isMobile && isLogin" content="发帖" placement="bottom">
             <div class="new-post-icon" @click="goToNewPost">
               <i class="fas fa-edit"></i>
             </div>
           </ToolTip>
 
-          <DropdownMenu ref="userMenu" :items="headerMenuItems">
+          <ToolTip v-if="isLogin" content="站内信和频道" placement="bottom">
+            <div class="messages-icon" @click="goToMessages">
+              <i class="fas fa-comments"></i>
+              <span v-if="unreadMessageCount > 0" class="unread-badge">{{
+                unreadMessageCount
+              }}</span>
+            </div>
+          </ToolTip>
+
+          <DropdownMenu v-if="isLogin" ref="userMenu" :items="headerMenuItems">
             <template #trigger>
               <div class="avatar-container">
                 <img class="avatar-img" :src="avatar" alt="avatar" />
@@ -39,14 +64,11 @@
               </div>
             </template>
           </DropdownMenu>
-        </div>
 
-        <div v-else class="header-content-right">
-          <div v-if="isMobile" class="search-icon" @click="search">
-            <i class="fas fa-search"></i>
+          <div v-if="!isLogin" class="auth-btns">
+            <div class="header-content-item-main" @click="goToLogin">登录</div>
+            <div class="header-content-item-secondary" @click="goToSignup">注册</div>
           </div>
-          <div class="header-content-item-main" @click="goToLogin">登录</div>
-          <div class="header-content-item-secondary" @click="goToSignup">注册</div>
         </div>
       </ClientOnly>
 
@@ -62,8 +84,15 @@ import DropdownMenu from '~/components/DropdownMenu.vue'
 import ToolTip from '~/components/ToolTip.vue'
 import SearchDropdown from '~/components/SearchDropdown.vue'
 import { authState, clearToken, loadCurrentUser } from '~/utils/auth'
-import { fetchUnreadCount, notificationState } from '~/utils/notification'
+import { useUnreadCount } from '~/composables/useUnreadCount'
 import { useIsMobile } from '~/utils/screen'
+import { themeState, cycleTheme, ThemeMode } from '~/utils/theme'
+import { toast } from '~/main'
+import { getToken } from '~/utils/auth'
+const config = useRuntimeConfig()
+const API_BASE_URL = config.public.apiBaseUrl
+const WEBSITE_BASE_URL = config.public.websiteBaseUrl
+
 const props = defineProps({
   showMenuBtn: {
     type: Boolean,
@@ -73,12 +102,13 @@ const props = defineProps({
 
 const isLogin = computed(() => authState.loggedIn)
 const isMobile = useIsMobile()
-const unreadCount = computed(() => notificationState.unreadCount)
+const { count: unreadMessageCount, fetchUnreadCount } = useUnreadCount()
 const avatar = ref('')
 const showSearch = ref(false)
 const searchDropdown = ref(null)
 const userMenu = ref(null)
 const menuBtn = ref(null)
+const isCopying = ref(false)
 
 const search = () => {
   showSearch.value = true
@@ -97,6 +127,41 @@ const goToLogin = () => {
 const goToSettings = () => {
   navigateTo('/settings', { replace: true })
 }
+
+const copyInviteLink = async () => {
+  isCopying.value = true
+  const token = getToken()
+  if (!token) {
+    toast.error('请先登录')
+    return
+  }
+  try {
+    const res = await fetch(`${API_BASE_URL}/api/invite/generate`, {
+      method: 'POST',
+      headers: { Authorization: `Bearer ${token}` },
+    })
+    if (res.ok) {
+      const data = await res.json()
+      const inviteLink = data.token ? `${WEBSITE_BASE_URL}/signup?invite_token=${data.token}` : ''
+      await navigator.clipboard.writeText(inviteLink)
+      toast.success('邀请链接已复制')
+    } else {
+      const data = await res.json().catch(() => ({}))
+      toast.error(data.error || '生成邀请链接失败')
+    }
+  } catch (e) {
+    toast.error('生成邀请链接失败')
+  } finally {
+    isCopying.value = false
+  }
+}
+
+const copyRssLink = async () => {
+  const rssLink = `${API_BASE_URL}/api/rss`
+  await navigator.clipboard.writeText(rssLink)
+  toast.success('RSS链接已复制')
+}
+
 const goToProfile = async () => {
   if (!authState.loggedIn) {
     navigateTo('/login', { replace: true })
@@ -125,12 +190,32 @@ const goToNewPost = () => {
   navigateTo('/new-post', { replace: false })
 }
 
+const refrechData = async () => {
+  window.dispatchEvent(new Event('refresh-home'))
+}
+
+const goToMessages = () => {
+  navigateTo('/message-box')
+}
+
 const headerMenuItems = computed(() => [
   { text: '设置', onClick: goToSettings },
   { text: '个人主页', onClick: goToProfile },
   { text: '退出', onClick: goToLogout },
 ])
 
+/** 其余逻辑保持不变 */
+const iconClass = computed(() => {
+  switch (themeState.mode) {
+    case ThemeMode.DARK:
+      return 'fas fa-moon'
+    case ThemeMode.LIGHT:
+      return 'fas fa-sun'
+    default:
+      return 'fas fa-desktop'
+  }
+})
+
 onMounted(async () => {
   const updateAvatar = async () => {
     if (authState.loggedIn) {
@@ -142,9 +227,8 @@ onMounted(async () => {
   }
   const updateUnread = async () => {
     if (authState.loggedIn) {
-      await fetchUnreadCount()
-    } else {
-      notificationState.unreadCount = 0
+      // Initialize the unread count composable
+      fetchUnreadCount()
     }
   }
 
@@ -153,7 +237,7 @@ onMounted(async () => {
 
   watch(
     () => authState.loggedIn,
-    async () => {
+    async (isLoggedIn) => {
       await updateAvatar()
       await updateUnread()
     },
@@ -164,11 +248,11 @@ onMounted(async () => {
 <style scoped>
 .header {
   display: flex;
-  justify-content: space-between;
   align-items: center;
+  justify-content: center;
   height: var(--header-height);
   background-color: var(--background-color-blur);
-  backdrop-filter: blur(10px);
+  backdrop-filter: var(--blur-10);
   color: var(--header-text-color);
   border-bottom: 1px solid var(--header-border-color);
 }
@@ -187,11 +271,10 @@ onMounted(async () => {
   display: flex;
   flex-direction: row;
   align-items: center;
-  justify-content: space-between;
   width: 100%;
   height: 100%;
-  margin: 0 auto;
   max-width: var(--page-max-width);
+  backdrop-filter: var(--blur-10);
 }
 
 .header-content-left {
@@ -201,6 +284,14 @@ onMounted(async () => {
 }
 
 .header-content-right {
+  display: flex;
+  margin-left: auto;
+  flex-direction: row;
+  align-items: center;
+  gap: 30px;
+}
+
+.auth-btns {
   display: flex;
   flex-direction: row;
   align-items: center;
@@ -282,15 +373,63 @@ onMounted(async () => {
   background-color: var(--menu-selected-background-color);
 }
 
-.search-icon {
+.search-icon,
+.theme-icon {
   font-size: 18px;
   cursor: pointer;
 }
 
-.new-post-icon {
+.invite_text {
+  font-size: 12px;
+  cursor: pointer;
+  color: var(--primary-color);
+}
+
+.invite_text:hover {
+  text-decoration: underline;
+}
+
+.rss-icon,
+.new-post-icon,
+.messages-icon {
   font-size: 18px;
   cursor: pointer;
-  margin-right: 10px;
+  position: relative;
+}
+
+.unread-badge {
+  position: absolute;
+  top: -5px;
+  right: -10px;
+  background-color: #ff4d4f;
+  color: white;
+  border-radius: 50%;
+  padding: 2px 5px;
+  font-size: 10px;
+  font-weight: bold;
+  line-height: 1;
+  min-width: 16px;
+  text-align: center;
+  box-sizing: border-box;
+}
+
+.rss-icon {
+  animation: rss-glow 2s 3;
+}
+
+@keyframes rss-glow {
+  0% {
+    text-shadow: 0 0 0px var(--primary-color);
+    opacity: 1;
+  }
+  50% {
+    text-shadow: 0 0 12px var(--primary-color);
+    opacity: 0.8;
+  }
+  100% {
+    text-shadow: 0 0 0px var(--primary-color);
+    opacity: 1;
+  }
 }
 
 @media (max-width: 1200px) {
@@ -309,5 +448,9 @@ onMounted(async () => {
   .logo-text {
     display: none;
   }
+
+  .header-content-right {
+    gap: 15px;
+  }
 }
 </style>

frontend_nuxt/components/InfiniteLoadMore.vue

@@ -0,0 +1,102 @@
+<template>
+  <!-- 当 done 后整个容器自动隐藏，不再占位 -->
+  <div v-show="!done" class="infinite-loadmore">
+    <div v-show="isLoading" class="loading-container bottom-loading" aria-live="polite">
+      <l-hatch size="28" stroke="4" speed="3.5" color="var(--primary-color)"></l-hatch>
+    </div>
+    <!-- 永久存在的底部触发器（由组件内部持有与观察） -->
+    <div ref="sentinel" class="load-more-trigger" aria-hidden="true"></div>
+  </div>
+</template>
+
+<script setup>
+import { ref, onMounted, onBeforeUnmount, watch, nextTick } from 'vue'
+
+const props = defineProps({
+  /** 父组件提供：执行“加载下一页”的函数
+   * 返回：
+   *  - boolean：true 表示“已经没有更多数据（done）”
+   *  - { done: boolean }：同上
+   */
+  onLoad: { type: Function, required: true },
+  /** pause=true 时暂停观察（例如首屏/筛选加载过程） */
+  pause: { type: Boolean, default: false },
+  /** 预取范围，默认 200px */
+  rootMargin: { type: String, default: '200px 0px' },
+  /** 触发阈值 */
+  threshold: { type: Number, default: 0 },
+})
+
+const isLoading = ref(false)
+const done = ref(false)
+const sentinel = ref(null)
+let io = null
+
+const stopObserver = () => {
+  if (io) {
+    io.disconnect()
+    io = null
+  }
+}
+
+const startObserver = () => {
+  if (!import.meta.client || props.pause || done.value) return
+  stopObserver()
+  io = new IntersectionObserver(
+    async (entries) => {
+      const e = entries[0]
+      if (!e?.isIntersecting || isLoading.value || done.value) return
+      isLoading.value = true
+      try {
+        const res = await props.onLoad()
+        const finished = typeof res === 'boolean' ? res : !!(res && res.done)
+        if (finished) {
+          done.value = true
+          stopObserver()
+        }
+      } finally {
+        isLoading.value = false
+      }
+    },
+    { root: null, rootMargin: props.rootMargin, threshold: props.threshold },
+  )
+  if (sentinel.value) io.observe(sentinel.value)
+}
+
+onMounted(() => {
+  nextTick(startObserver)
+})
+onBeforeUnmount(stopObserver)
+
+watch(
+  () => props.pause,
+  (p) => {
+    if (p) stopObserver()
+    else nextTick(startObserver)
+  },
+)
+
+/** 父组件可选择性调用，用于外部强制重置（一般直接用 :key 重建更简单） */
+const reset = () => {
+  done.value = false
+  nextTick(startObserver)
+}
+defineExpose({ reset })
+</script>
+
+<style scoped>
+.infinite-loadmore {
+}
+
+.loading-container {
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  height: 100px; /* 与原样式匹配 */
+}
+
+.load-more-trigger {
+  width: 100%;
+  height: 1px;
+}
+</style>