feat: Implement tutorial management system with backend API, data models, search functionality, and frontend integration.

zerox80 · zerox80 · commit f9ceef64eade · 2025-11-18T21:02:59.000+01:00
diff --git a/backend/Cargo.toml b/backend/Cargo.toml
@@ -38,7 +38,7 @@ hmac = "0.12"
 subtle = "2.5"
 
 [dependencies.home]
-version = "=0.5.12"
+version = "=0.5.9"
 
 [dependencies.base64ct]
 version = "=1.8.0"
diff --git a/backend/src/handlers/search.rs b/backend/src/handlers/search.rs
@@ -57,7 +57,7 @@ fn sanitize_fts_query(raw: &str) -> Result<String, String> {
             // Keep only safe characters for FTS5 queries
             let sanitized: String = token
                 .chars()
-                .filter(|c| c.is_ascii_alphanumeric() || matches!(c, '*' | '-' | '_' | '.' | '+' | '#' | '@'))
+                .filter(|c| c.is_ascii_alphanumeric() || matches!(c, '*' | '-' | '_' | '.' | '+' | '#' | '@' | '/' | ':' | '(' | ')' | '[' | ']'))
                 .collect();
             if sanitized.is_empty() {
                 None
diff --git a/backend/src/handlers/tutorials.rs b/backend/src/handlers/tutorials.rs
@@ -43,7 +43,7 @@ pub(crate) fn validate_tutorial_id(id: &str) -> Result<(), String> {
     }
 
     // Ensure only safe characters for database and URL usage
-    if !id.chars().all(|c| c.is_alphanumeric() || c == '-') {
+    if !id.chars().all(|c| c.is_alphanumeric() || c == '-' || c == '_' || c == '.') {
         return Err("Tutorial ID contains invalid characters".to_string());
     }
     Ok(())
@@ -308,7 +308,38 @@ pub async fn create_tutorial(
         return Err((StatusCode::BAD_REQUEST, Json(ErrorResponse { error: e })));
     }
 
-    let id = Uuid::new_v4().to_string();
+    let id = if let Some(custom_id) = &payload.id {
+        let trimmed = custom_id.trim();
+        if let Err(e) = validate_tutorial_id(trimmed) {
+            return Err((StatusCode::BAD_REQUEST, Json(ErrorResponse { error: e })));
+        }
+        // Check for collision
+        let exists: Option<(i64,)> = sqlx::query_as("SELECT 1 FROM tutorials WHERE id = ?")
+            .bind(trimmed)
+            .fetch_optional(&pool)
+            .await
+            .map_err(|e| {
+                tracing::error!("Database error checking ID existence: {}", e);
+                (
+                    StatusCode::INTERNAL_SERVER_ERROR,
+                    Json(ErrorResponse {
+                        error: "Failed to create tutorial".to_string(),
+                    }),
+                )
+            })?;
+            
+        if exists.is_some() {
+             return Err((
+                StatusCode::CONFLICT,
+                Json(ErrorResponse {
+                    error: "Tutorial ID already exists".to_string(),
+                }),
+            ));
+        }
+        trimmed.to_string()
+    } else {
+        Uuid::new_v4().to_string()
+    };
     let sanitized_topics = sanitize_topics(&payload.topics)
         .map_err(|e| (StatusCode::BAD_REQUEST, Json(ErrorResponse { error: e })))?;
     let topics_json = serde_json::to_string(&sanitized_topics).map_err(|e| {
diff --git a/backend/src/models.rs b/backend/src/models.rs
@@ -74,8 +74,10 @@ pub struct CreateTutorialRequest {
     pub color: String,
 
     pub topics: Vec<String>,
-
+    
     pub content: String,
+
+    pub id: Option<String>,
 }
 
 #[derive(Debug, Deserialize)]
diff --git a/src/api/client.js b/src/api/client.js
@@ -17,6 +17,9 @@ export const getApiBaseUrl = () => {
       }
     }
   }
+  if (typeof process !== 'undefined' && process.env && process.env.API_BASE_URL) {
+    return process.env.API_BASE_URL.replace(/\/+$/, '')
+  }
   return typeof window !== 'undefined' ? '/api' : 'http://localhost:8489/api'
 }
 const API_BASE_URL = getApiBaseUrl()
@@ -189,7 +192,7 @@ class ApiClient {
       }
       const contentType = response.headers.get('content-type') || ''
       let payload
-      if (contentType.includes('application/json')) {
+      if (contentType.toLowerCase().includes('application/json')) {
         try {
           payload = await response.json()
         } catch (parseError) {
diff --git a/src/components/Comments.jsx b/src/components/Comments.jsx
@@ -4,7 +4,7 @@ import { useAuth } from '../context/AuthContext';
 import { api } from '../api/client';
 import PropTypes from 'prop-types';
 
-const VALID_TUTORIAL_ID = /^[a-zA-Z0-9_-]+$/;
+const VALID_TUTORIAL_ID = /^[a-zA-Z0-9_.-]+$/;
 const COMMENTS_PER_PAGE = 20;
 
 const Comments = ({ tutorialId }) => {

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,9 @@ export const getApiBaseUrl = () => {`
`17`	`17`	`}`
`18`	`18`	`}`
`19`	`19`	`}`
	`20`	`+ if (typeof process !== 'undefined' && process.env && process.env.API_BASE_URL) {`
	`21`	`+ return process.env.API_BASE_URL.replace(/\/+$/, '')`
	`22`	`+ }`
`20`	`23`	`return typeof window !== 'undefined' ? '/api' : 'http://localhost:8489/api'`
`21`	`24`	`}`
`22`	`25`	`const API_BASE_URL = getApiBaseUrl()`
`@@ -189,7 +192,7 @@ class ApiClient {`
`189`	`192`	`}`
`190`	`193`	`const contentType = response.headers.get('content-type') \|\| ''`
`191`	`194`	`let payload`
`192`		`- if (contentType.includes('application/json')) {`
	`195`	`+ if (contentType.toLowerCase().includes('application/json')) {`
`193`	`196`	`try {`
`194`	`197`	`payload = await response.json()`
`195`	`198`	`} catch (parseError) {`