You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
41 lines
1.4 KiB
Markdown
41 lines
1.4 KiB
Markdown
---
|
|
# quotesdb-ysah
|
|
title: 'quotesdb/api: hidden flag for quotes (schema migration + endpoints)'
|
|
status: completed
|
|
type: feature
|
|
priority: normal
|
|
created_at: 2026-03-10T23:32:08Z
|
|
updated_at: 2026-03-10T23:32:08Z
|
|
---
|
|
|
|
## Summary
|
|
Add a boolean hidden flag to quotes. Hidden quotes are excluded from listing endpoints and require direct URL access. Changing a quote from hidden to public requires the auth code.
|
|
|
|
## Schema Migration
|
|
Add column to quotes table:
|
|
```sql
|
|
ALTER TABLE quotes ADD COLUMN hidden INTEGER NOT NULL DEFAULT 0;
|
|
```
|
|
|
|
## API Changes
|
|
- GET /api/quotes — filter out hidden=1 quotes by default
|
|
- GET /api/quotes/random — exclude hidden quotes
|
|
- GET /api/quotes/:id — return hidden quotes (direct access allowed)
|
|
- PUT /api/quotes — new quotes default to hidden=0 (not hidden)
|
|
- POST /api/quotes/:id — allow toggling hidden field; requires X-Auth-Code header
|
|
- Changing hidden=1 → hidden=0 (unhide) requires valid auth code
|
|
- Changing hidden=0 → hidden=1 (hide) also requires valid auth code
|
|
- The quote response body should include the hidden field
|
|
|
|
## Acceptance Criteria
|
|
- [ ] Schema migration applied
|
|
- [ ] Listing endpoints exclude hidden quotes
|
|
- [ ] Direct quote access (/api/quotes/:id) works for hidden quotes
|
|
- [ ] Toggle hidden requires valid X-Auth-Code (403 on mismatch)
|
|
- [ ] All existing tests pass
|
|
|
|
## Validation
|
|
```sh
|
|
cargo fmt && cargo check && cargo clippy && cargo test
|
|
```
|