zhiyin

Author	SHA1	Message	Date
yuzhiran	8ee27fdd32	feat: refactor member to pay-per-use gravity purchase; mv webview to clipboard+browser - member.vue: rewrite from subscription plans (free/growth/sprint) to H5-only pay-per-use gravity purchase with quantity selector + QR code - user.vue: gravity card replacing quota card, add share/contribute/H5-buy entry points, plus gravity acquisition modal (share/contribute/buy) - share.vue: layout fix (flex column), smarter copyLink with cached URL, WeChat timeline hint instead of open-type - share.controller.ts: add GET /:shareCode redirect route (IP record + 302) - interview.vue: guest mode fix, H5 buy modal, clipboard copy instead of webview for mini-program - App.vue: handleH5UrlParams for ?token=&buy=gravity auto-login - composables/useGravityPurchase.ts: reusable gravity purchase composable - remove webview.vue (no longer used), replace with clipboard+browser flow - AGENTS.md: sync all above changes, fix duplicate numbering	2026-06-20 20:49:15 +08:00
yuzhiran	2fbab1072f	feat: unified gravity system - VIP members consume gravity instead of unlimited; add monthly gravity top-up cron	2026-06-19 22:43:52 +08:00
yuzhiran	e0de29fdd0	fix: AI LLM backup model not producing content; add retry for thinking models - Replace backup model stepfun-ai/step-3.5-flash with meta/llama-3.1-8b-instruct (stepfun is a thinking model that uses all tokens on reasoning and never outputs content, causing all 3 fallthroughs to fail) - Add retry with doubled max_tokens when primary model returns empty content (deepseek-v4-flash thinking can exhaust token budget) - Increase backup timeout to 120s and max_tokens to min 2048 - Move callApi error handling to return null instead of throw for cleaner fallthrough logic with timeout logging	2026-06-18 19:42:40 +08:00
yuzhiran	6a3cc8544e	fix: handle WeChat Pay public key mode in callback - verifyAndDecrypt now processes decryption even when signature verification fails (decryption key is separate from signature key) - Notify handler uses returnRaw flag to always decrypt resource - Loud log when pub_key.pem verification fails, directs admin to download correct public key from merchant platform	2026-06-18 19:36:19 +08:00
yuzhiran	c161ffbc3c	feat: payment refund support + admin payment management - Add refund()/queryRefund()/downloadPlatformCerts() to WechatPayService - Add refundId field to PaymentOrder schema - Fix WeChat Pay callback to auto-download platform certs on verification failure - Fix syncOrder to handle sprint plan properly - Add admin refund, refund-query, order-detail endpoints - Add refund UI (button, modal, query) to admin.vue orders tab - Fix member.vue MP payment: pass outTradeNo instead of prepayId to pollPayResult	2026-06-18 19:33:10 +08:00
wlt	103dbd3b34	feat: AI岗位专区 — 5个AI岗位置顶 + 首页分组展示 - schema: HotPosition 新增 category 字段 (ai/traditional) - positions: 5 AI岗位 (AI算法/大模型应用/Prompt/AI产品/AI运维) + 7传统岗位 - frontend: 首页拆分 "🔥 AI热门岗位" 置顶高亮 + "更多岗位" 折叠 - ai服务: 新增 primaryFallbackModel (sensenova-6.7-flash-lite) 降级链路	2026-06-17 13:57:18 +08:00
wlt	a5c4bcb821	feat: AI 择业顾问 MVP — 专业分析 + 岗位匹配 + 多轮对话 - backend: career-advice module with analyze/chat/positions endpoints - frontend: career.vue page with profile form, AI advice, recommendation cards - config/api/pages/user.vue: full integration into existing flow - docs: PROJECT-STATUS v4.5, FEATURE-LIST v4.3, ROADMAP v4.3 - AGENTS.md: updated module count and career link paths	2026-06-17 10:32:23 +08:00
wlt	4cd889c081	feat: interview review module with whisper.cpp ASR + AI analysis + frontend page New backend module 'interview-review' provides: - Audio upload (50MB limit, MP3/M4A/WAV/AAC/OGG/MP4/WebM) - Text transcript submission - whisper.cpp local ASR integration (tiny + base models) - AI analysis (4-dimension scoring: logic/expression/professionalism/stability) - Speech analysis (filler words detection, pace, duration) - Async processing pipeline with status polling - Graceful fallback to mock ASR when whisper unavailable New frontend page 'pages/review/review.vue' with 3 modes: - List mode: review history with status indicators - Upload mode: audio file upload or text paste - Report mode: score radar, dimension bars, analysis details Docs updated: PROJECT-STATUS.md v4.4, FEATURE-LIST.md v4.2, ROADMAP.md v4.2	2026-06-16 18:32:25 +08:00
yuzhiran	96c367e0f8	feat: latest code update	2026-06-16 13:18:36 +08:00
yuzhiran	07c6557454	fix: return 200 instead of 201 for all login endpoints (NestJS default)	2026-06-15 10:42:31 +08:00
yuzhiran	18c50726cd	fix: WeChat login Content-Type header, ASR tiny model, re-upload mini-program v1.0.11	2026-06-15 10:00:22 +08:00
yuzhiran	112884a504	fix: PNG face avatar + whisper ASR	2026-06-13 11:04:52 +08:00
yuzhiran	8191cf4b41	feat: realistic face avatar + voice input + ASR endpoint	2026-06-12 15:32:04 +08:00
yuzhiran	d379d181e4	feat: Admin定价管理界面 + 定价DB配置化 (P2)	2026-06-12 09:52:04 +08:00
yuzhiran	a55cb56be2	feat: TTS服务 + 数字人面试组件 (P1)	2026-06-12 09:42:06 +08:00
yuzhiran	065fe7a186	feat: 付费体系重构 P0 - 配额独立化/简历付费下载/PDF生成	2026-06-12 09:31:11 +08:00
yuzhiran	a69aa31836	fix: 小程序 API 域名改为 zhiyin.yzrcloud.cn（与 H5 同域）避免微信白名单问题	2026-06-11 21:02:14 +08:00
yuzhiran	6dfb6bef48	代码评审 & 安全修复后端: - 创建 AdminGuard 替代 12 处手动 role 查库检查，统一用 JWT payload 中的 role - 密码字段 select: false，所有需密码的查询显式 select('+password') - 文件上传接口移除 @Public()，需 JWT 认证 - 管理员搜索关键词限长 50 字符防 ReDoS - CORS 收窄，不再对非生产环境放行所有源 - postbuild 复制 certs 路径同步到 dist/src/certs - package.json main/start:prod 路径更新为 dist/src/main 前端: - resume.vue 文件上传补充 Authorization header - login.vue 移除含用户邮箱的 console.log 日志	2026-06-11 19:55:10 +08:00
yuzhiran	f7da843d56	chore: ignore bun cache and clean up	2026-06-11 19:40:10 +08:00
yuzhiran	e021e194c4	fix: 小程序/H5 API 地址指向错误导致登录失败 - .env.production VITE_PROD_API_HOST 从旧域名 aicc.yzrcloud.cn 改为 zhiyinwx.yzrcloud.cn - config.ts api() 函数增加 MP-WEIXIN 编译分支，小程序直接使用 VITE_PROD_API_HOST，H5 保持同源请求	2026-06-11 19:39:59 +08:00
yuzhiran	c321a8dcb1	chore: clean build artifacts from tracking	2026-06-11 16:40:33 +08:00
yuzhiran	369da9704e	H5构建部署 + 小程序上传 v1.0.3 - 构建 H5 并部署至 zhiyin.yzrcloud.cn（含 nginx /api/ 代理） - 构建并上传微信小程序至微信侧（版本 1.0.3，包体 495KB） - 启动生产后端（端口 3006，zhiyinwx.yzrcloud.cn 代理） - 修复 tsconfig.build.json 缺失导致 dist 输出路径错误	2026-06-11 16:39:12 +08:00
yuzhiran	e6b79ddb21	v4.3 安全修复+代码质量+测试体系+护城河验证 ## 安全修复 (5项) - CRITICAL JWT 硬编码 fallback（jwt.strategy / app.module / user.module） - HIGH seed_admin.js MongoDB 凭据泄漏 - MEDIUM 邮箱验证码泄漏 - MEDIUM 支付订单查询 IDOR - MEDIUM 管理后台 NoSQL 注入 ## 代码质量 (14处) - console.log→Logger（user.service.ts） - as any 类型化（11处跨7个文件） - Schema 联合类型修复（progress.schema） - Module 依赖缺失修复（progress.module） ## 测试体系 (61项) - 后端单元测试 Jest（43项）：BenchmarkService/UserService/PaymentController - 后端集成测试 Supertest（11项）：API 认证/支付/进度/管理 - 前端单元测试 Vitest（7项）：配置文件/API端点 - 浏览器自动化 Playwright（7项）：API smoke test - 覆盖率报告 + e2e 配置 ## 护城河 P0-P5 启动验证通过 + 编译通过	2026-06-11 10:27:35 +08:00
yuzhiran	9276ab9028	v4.2 冲刺版+每日推送+支付修复+全量代码评审 ## 新增功能 - 冲刺版 ¥49.9/月：完整支付→激活→权益扣减链路 - 每日一题定时推送（@nestjs/schedule，早8点微信订阅消息） - miniprogram-ci 编译上传脚本（scripts/upload-mp.js） ## Bug修复 - 套餐值统一：vip→growth/sprint（interview轮次限制、analyze次数检查） - member/pay 移除开发绕过：改为订单校验后激活 - progress→report 参数名不匹配：id→interviewId - result.vue resume.create() 参数传错（对象→独立参数） - resume.vue analyze请求缺少Authorization header - bank.vue contribution请求缺少Authorization header - member.vue startPay() 缺少try/catch导致网络错误崩溃 - login.vue 调试面板 v-if="true" 生产泄漏 ## 配置 - 微信支付生产证书就位（商户号1113760598） - .env 清理冗余文件（删除.example/.production） - WX_NOTIFY_URL 更新为 zhiyinwx.yzrcloud.cn ## 文档 - PROJECT-STATUS.md v4.1→v4.2，状态全面更新 - DEPLOYMENT.md 新增小程序编译上传章节、清理检查清单	2026-06-09 20:03:05 +08:00
yuzhiran	37cfdfe93c	feat: 登录页密码+验证码双模式 / 首页岗位优化 / 法律页面 / 后端接口完善 - 前端：登录页重构，支持密码登录、验证码登录、注册三种模式 - 前端：首页热门岗位添加「参考示例」标签，去虚构数据 - 前端：面试页顶部优化，岗位名+状态标签展示 - 前端：新增用户协议、隐私政策页面及免责声明 - 后端：新增 POST /api/user/register 注册接口 - 后端：新增 POST /api/user/set-password 设置密码接口 - 后端：修复 user.schema.ts unique 索引导致 null 冲突问题 - 后端：新增 payment-order.schema、positions.schema、site-config.schema - 后端：package.json 新增 postbuild 脚本自动复制证书 - 管理后台：新增订单管理 Tab	2026-06-09 15:39:17 +08:00
yuzhiran	511f60d0db	初始化：职引项目 v1.0	2026-06-08 16:28:00 +08:00

26 Commits