v1.0.12 Per board post cooldowns and more

@csd113 csd113 released this 08 Mar 20:31
· 368 commits to main since this release
51485d1

[1.0.12] — 2026-03-07

🔄 Changed

  • Database module fixes:
    • threads.rs: added explicit ROLLBACK on failed COMMIT to prevent dirty transaction state.
    • mod.rs: added sort_unstable + dedup to paths_safe_to_delete to eliminate duplicate path entries.
    • mod.rs: added media_type and edited_at columns to the base CREATE TABLE posts schema to match the final migrated state.
    • admin.rs: replaced inlined Post row mapper with shared super::posts::map_post to eliminate duplication.
    • admin.rs: clarified run_wal_checkpoint doc comment on return tuple order.
  • Template module fixes:
    • board.rs: fixed archive thumbnail path prefix from /static/ to /boards/.
    • board.rs: moved fmt_ts to the top-level import, removed redundant local use inside archive_page.
    • thread.rs: corrected misleading comment about embed and draft script loading.
    • thread.rs: added doc comment documenting the body_html trust precondition on render_post.
    • forms.rs: removed dead captcha_js variable and no-op string concatenation.
  • CSS cleanup — removed 11 dead rules for classes never emitted by templates or JS (.greentext, .quote-link, .admin-thread-del-btn, duplicate .media-expanded, .media-rotate-btn, .thread-id-badge, .quote-block, .quote-toggle, .archive-heading, .autoupdate-bar, .video-player). Fixed two undefined CSS variable references (--font-mono--font, --bg-body--bg). Merged duplicate .file-container block into a single declaration.
  • Database module split — the 2,264-line monolithic db.rs has been reorganized into five focused modules with zero call-site changes (all existing db:: references compile unchanged):
    • mod.rs (466 lines) — connection pool, shared types (NewPost, CachedFile), schema initialization, shared helpers
    • boards.rs (293 lines) — site settings, board CRUD, stats
    • threads.rs (333 lines) — thread listing, creation, mutation, archiving, pruning
    • posts.rs (642 lines) — post CRUD, file deduplication, polls, job queue, worker helpers
    • admin.rs (558 lines) — admin sessions, bans, word filters, reports, mod log, ban appeals, IP history, maintenance
  • Template module split — the 2,736-line monolithic template file has been reorganized into five focused modules with no changes to the public API (all existing handler code works without modification):
    • mod.rs (392 lines) — shared infrastructure: site name/subtitle statics, base layout, pagination, timestamp formatting, utility helpers
    • board.rs (697 lines) — home page, board index, catalog, search, and archive rendering
    • thread.rs (738 lines) — thread view, post rendering, polls, and post edit form
    • admin.rs (760 lines) — login page, admin panel, mod log, VACUUM results, IP history
    • forms.rs (198 lines) — new thread and reply forms, shared across board and thread pages

🔒 Security Fixes

Critical

  • PoW bypass on replies — proof-of-work verification was only enforced on new threads but not on replies. Replies now require a valid PoW nonce when the board has CAPTCHA enabled.
  • PoW nonce replay — the same proof-of-work solution could be submitted repeatedly. Used nonces are now tracked in memory and rejected within their 5-minute validity window. Stale entries are automatically pruned.
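The two critical fixes above share one shape: a single verification routine that every submission (thread or reply) must pass, plus a memory of nonces already accepted inside the validity window. The following is an added example, not code from this release, showing that shape with std-only Rust. Everything about the challenge (the `PowChallenge` fields, the `client_token` name, the toy FNV-1a hash standing in for a real cryptographic hash, and the leading-zero-bits difficulty rule) is an assumption made for the example; the page does not describe the project's actual challenge format.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// Validity window for a proof-of-work solution (the 5 minutes named in the release notes).
pub const NONCE_TTL: Duration = Duration::from_secs(300);

/// Kind of submission. The fix is that both kinds take the same verification path.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum PostKind {
    Thread,
    Reply,
}

/// Hypothetical challenge the client hashes together with its nonce (assumed
/// format; the real project's is not on the page). The server remembers when it
/// issued the token so a solution cannot outlive the window.
pub struct PowChallenge<'a> {
    pub board: &'a str,
    pub client_token: &'a str,
    pub difficulty_bits: u32,
    pub issued_at: Instant,
}

#[derive(Debug, PartialEq)]
pub enum PowError {
    Expired,
    Invalid,
    Replayed,
}

/// Toy 64-bit FNV-1a so the example runs on std alone; a real deployment
/// would use a cryptographic hash such as SHA-256.
fn fnv1a64(data: &[u8]) -> u64 {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for &b in data {
        h ^= u64::from(b);
        h = h.wrapping_mul(0x0000_0100_0000_01b3);
    }
    h
}

/// hash(board || 0 || token || 0 || nonce)
fn pow_hash(ch: &PowChallenge, nonce: u64) -> u64 {
    let mut buf = Vec::new();
    buf.extend_from_slice(ch.board.as_bytes());
    buf.push(0);
    buf.extend_from_slice(ch.client_token.as_bytes());
    buf.push(0);
    buf.extend_from_slice(&nonce.to_le_bytes());
    fnv1a64(&buf)
}

/// A nonce solves the challenge when the hash has at least `difficulty_bits` leading zero bits.
pub fn meets_difficulty(ch: &PowChallenge, nonce: u64) -> bool {
    pow_hash(ch, nonce).leading_zeros() >= ch.difficulty_bits
}

/// Client side: brute-force a solution (used here only to produce input for the guard).
pub fn solve(ch: &PowChallenge) -> u64 {
    (0u64..).find(|&n| meets_difficulty(ch, n)).expect("difficulty too high")
}

/// Server-side guard: remembers accepted (token, nonce) pairs for NONCE_TTL.
#[derive(Default)]
pub struct PowGuard {
    used: HashMap<(String, u64), Instant>,
}

impl PowGuard {
    pub fn new() -> Self {
        Self::default()
    }

    /// Drop entries older than the window so the map cannot grow without bound.
    fn prune(&mut self, now: Instant) {
        self.used.retain(|_, seen| now.duration_since(*seen) < NONCE_TTL);
    }

    /// The single check every submission goes through. `_kind` is accepted only
    /// to make the symmetry visible: nothing below branches on it, so a reply
    /// cannot skip the verification a new thread has to pass.
    pub fn verify(
        &mut self,
        _kind: PostKind,
        captcha_enabled: bool,
        ch: &PowChallenge,
        nonce: u64,
        now: Instant,
    ) -> Result<(), PowError> {
        if !captcha_enabled {
            return Ok(()); // PoW is only required on boards with CAPTCHA enabled
        }
        if now.duration_since(ch.issued_at) >= NONCE_TTL {
            return Err(PowError::Expired);
        }
        if !meets_difficulty(ch, nonce) {
            return Err(PowError::Invalid);
        }
        self.prune(now);
        let key = (ch.client_token.to_owned(), nonce);
        if self.used.contains_key(&key) {
            return Err(PowError::Replayed);
        }
        self.used.insert(key, now);
        Ok(())
    }

    /// Number of nonces currently remembered (lets pruning be observed).
    pub fn tracked(&self) -> usize {
        self.used.len()
    }
}

fn main() {
    let now = Instant::now();
    let ch = PowChallenge { board: "b", client_token: "constructed-token", difficulty_bits: 12, issued_at: now };
    let nonce = solve(&ch);
    let mut guard = PowGuard::new();
    println!("reply, first use: {:?}", guard.verify(PostKind::Reply, true, &ch, nonce, now));
    println!("reply, replayed:  {:?}", guard.verify(PostKind::Reply, true, &ch, nonce, now));
}
```

Two design points worth noting: the replay set is keyed on the challenge token as well as the nonce, so a nonce that happens to solve two different tokens is still two distinct solutions; and pruning runs inside `verify` rather than on a timer, which keeps the example single-threaded but means a quiet server still bounds its memory the next time anyone posts.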

High

  • Removed inline JavaScript — all inline <script> blocks and onclick/onchange/onsubmit attributes have been extracted into external .js files. The Content Security Policy now uses script-src 'self' with no unsafe-inline, closing a major XSS surface.
  • Backup upload size cap — the restore endpoints previously accepted uploads of unlimited size, risking out-of-memory crashes. Both full and board restore routes are now capped at 512 MiB.
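The size cap matters because a restore body is buffered in memory before it is applied, so an unbounded reader is an out-of-memory bug waiting for one request. Added example (not the project's handler code, which sits behind a web framework the page does not name): a std-only Rust reader that refuses a body as soon as it crosses 512 MiB, plus an optional Content-Length pre-check. The function names `precheck_content_length` and `read_capped` are assumptions for the example; the endless `io::repeat` stream stands in for a hostile upload.

```rust
use std::io::{self, Read};

/// Upper bound on a restore upload: 512 MiB, the cap named in the release notes.
pub const MAX_RESTORE_BYTES: u64 = 512 * 1024 * 1024;

#[derive(Debug)]
pub enum UploadError {
    TooLarge { limit: u64 },
    Io(io::Error),
}

/// Cheap first check: reject an honestly declared oversize body before reading a byte.
/// A missing Content-Length (chunked upload) passes here; the read-time cap still applies,
/// because a client can also declare a small length and keep sending.
pub fn precheck_content_length(declared: Option<u64>, limit: u64) -> Result<(), UploadError> {
    match declared {
        Some(n) if n > limit => Err(UploadError::TooLarge { limit }),
        _ => Ok(()),
    }
}

/// Read a body into memory, stopping as soon as it exceeds `limit` bytes.
/// `take(limit + 1)` means at most one byte beyond the cap is ever buffered,
/// so neither an endless stream nor a lying Content-Length can exhaust memory.
pub fn read_capped<R: Read>(reader: R, limit: u64) -> Result<Vec<u8>, UploadError> {
    let mut buf = Vec::new();
    reader
        .take(limit.saturating_add(1))
        .read_to_end(&mut buf)
        .map_err(UploadError::Io)?;
    if buf.len() as u64 > limit {
        return Err(UploadError::TooLarge { limit });
    }
    Ok(buf)
}

fn main() {
    // Constructed inputs: a small body, and an endless zero stream standing in for a hostile upload.
    let small = read_capped(&b"backup bytes"[..], MAX_RESTORE_BYTES).map(|b| b.len());
    let endless = read_capped(io::repeat(0u8), 1024).map(|b| b.len());
    println!("small body: {small:?}; endless stream against a 1024-byte cap: {endless:?}");
}
```

The order of the two checks is the point: the pre-check saves work for well-behaved clients, but only the read-time cap is a security control.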

🐛 Fixes

  • Post rate limiting simplified — removed the global check_post_rate_limit function that was silently overriding per-board cooldown settings. A board with post_cooldown_secs = 0 now correctly means zero cooldown. The per-board setting is the sole post rate control.
  • API endpoints excluded from GET rate limit — hover-preview requests (/api/post/*) were being counted against the navigational rate limit, causing false throttling on threads with many quote links. All /api/ routes are now excluded alongside /static/, /boards/, and /admin/. The GET limiter now only covers page loads that a scraper would target (board index, catalog, archive, threads, search, home).
  • Trailing slash 404s — several routes (board index, catalog, archive, thread pages, post editing) returned 404 for one of the two forms of their URL, with or without a trailing slash. Added middleware that normalizes trailing slashes so both forms resolve to the same route. Bookmarks and manually typed URLs now work as expected.
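The three fixes in this section are all about request routing and limiting, so one added example covers them together: a per-board post cooldown where 0 genuinely means no cooldown (no global check behind it), the GET limiter's path exemptions matched on whole segments, and trailing-slash normalization that keeps the root path intact. This is illustrative std-only Rust, not the project's middleware; `BoardSettings`, `PostLimiter`, `get_rate_limited` and `normalize_path` are names chosen for the example, and the client key is a plain string standing in for whatever the project uses to identify a poster.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// Per-board configuration; `post_cooldown_secs = 0` means no cooldown at all.
pub struct BoardSettings {
    pub post_cooldown_secs: u64,
}

/// Tracks the last accepted post per (board, client) pair. There is deliberately
/// no global fallback: the board's own setting is the only post rate control.
#[derive(Default)]
pub struct PostLimiter {
    last_post: HashMap<(String, String), Instant>,
}

impl PostLimiter {
    pub fn new() -> Self {
        Self::default()
    }

    /// Ok(()) records the post; Err carries the time still left on the cooldown.
    pub fn check_and_record(
        &mut self,
        board: &str,
        settings: &BoardSettings,
        client: &str,
        now: Instant,
    ) -> Result<(), Duration> {
        let cooldown = Duration::from_secs(settings.post_cooldown_secs);
        let key = (board.to_owned(), client.to_owned());
        if !cooldown.is_zero() {
            if let Some(last) = self.last_post.get(&key) {
                let elapsed = now.duration_since(*last);
                if elapsed < cooldown {
                    return Err(cooldown - elapsed);
                }
            }
        }
        self.last_post.insert(key, now);
        Ok(())
    }
}

/// Route prefixes exempt from the navigational GET limiter, per the release notes.
const GET_LIMIT_EXEMPT: [&str; 4] = ["/api", "/static", "/boards", "/admin"];

/// True when a GET to `path` counts against the scraper-oriented limiter.
/// Matching is on whole path segments, so "/apiary" is still limited while
/// "/api" and "/api/post/1" are not, whether or not the slash was normalized away.
pub fn get_rate_limited(path: &str) -> bool {
    !GET_LIMIT_EXEMPT.iter().any(|p| {
        path.strip_prefix(p)
            .map_or(false, |rest| rest.is_empty() || rest.starts_with('/'))
    })
}

/// Trailing-slash normalization: "/g/" and "/g" resolve to the same route;
/// the root "/" must survive, and a run of trailing slashes collapses as well.
pub fn normalize_path(path: &str) -> &str {
    let trimmed = path.trim_end_matches('/');
    if trimmed.is_empty() {
        "/"
    } else {
        trimmed
    }
}

fn main() {
    let now = Instant::now();
    let mut limiter = PostLimiter::new();
    let zero = BoardSettings { post_cooldown_secs: 0 };
    // Two immediate posts on a zero-cooldown board: both accepted.
    println!("{:?}", limiter.check_and_record("b", &zero, "10.0.0.1", now));
    println!("{:?}", limiter.check_and_record("b", &zero, "10.0.0.1", now));
    println!("{} {}", normalize_path("/g/catalog/"), get_rate_limited("/api/post/42"));
}
```

Run the normalizer before the limiter in the middleware chain; the segment-aware prefix match above is what keeps `/admin` exempt after its trailing slash has been stripped.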